by Daniel Dern  |  Jun 02, 2015  |  Filed in: Industry Trends & News

As if using the Internet -- the Web in particular -- weren't already fraught with cyber-perils, users -- in offices on company LANs, as well as home-based and mobile individual users -- have to add "malvertising" to the list of things from which they need to protect themselves.

"Malvertising," as the name suggests, means "ads that contain malware." Like other malware infection vectors, some mal-ads aren't dangerous unless you click on them -- but others can do "drive-by downloads," sneaking their malware payload onto your computer simply because you are viewing the page or app on which the ad appears.

While most malvertising is on web sites, it can also show up on other ad-displaying apps, such as Facebook, Skype, some email programs, and many games.

The reason that malvertising is more of a problem than other malware approaches is that it can be spread through online advertising delivery networks like Google DoubleClick and Merchenta to legitimate sites that users routinely visit, like the New York Times, C|Net, Huffington Post, and Hulu, as well as routinely-used mobile apps that show ads. And malware-bearing ads can be "injected" either by hacking ads at the provider end or by buying and providing malware-bearing ads. In most cases, there's no way for a user to tell just by looking that an ad has been compromised.

The Potential Damage

The dangers of advertising-delivered malware are the same as those from malware you get any other way. Malware can steal account usernames and passwords, bank and credit card numbers, and other sensitive data. It can encrypt your data and "hold it for ransom." It can in turn infect other computers on your network, and turn your computer into a "zombie" spewing spam and malware out to the Internet.

Like other viruses and malware, malvertisements look for, and take advantage of, security vulnerabilities on users' computers and mobile devices. These may be anywhere from the operating system, to web browsers and other applications, to add-ons and extensions for these programs. "Popular" attack targets for malware include Java, JavaScript, Adobe Flash, and Microsoft Silverlight.

How do you know if your computer has been infected by malware? One sign is that your web browser is showing unexpected display or pop-up ads, or seems to be running slower. But many malware infections remain "stealthed," possibly even eluding anti-malware scans.

Companies on the ad-serving side -- ad creators and ad delivery networks -- are working on ways to detect and prevent malware from getting into the digital ads they serve. Otherwise, people have even more reason to not look at ads or block ads entirely.

But -- assuming it can be done, about which I'm not optimistic -- this won't happen for a year or more. The burden is on companies and their users (and on individuals) to do their best to protect their networks and computers (and mobile devices).

What Can Companies (and Their Users) Do?

Although malvertising is a relatively new vector, best security practices still apply: if you’re already doing things right, keep doing them. So what does “doing things right” look like?

  1. Maintain strong network security measures. Next generation firewalls at the gateway can often detect malware payloads delivered by ads, block the ads entirely, and/or detect communication between already-infected devices (e.g., an employee’s laptop infected at home) and command and control servers.
  2. Regularly back up systems and critical files so that if your systems and data are compromised, you can quickly restore to a pre-infected state.
  3. Deploy endpoint security software on every device so that it’s protected on and off the network.
  4. Ensure that all device operating systems and client software (especially web browsers) are fully patched and up to date.
  5. Consider disabling scripting (JavaScript, Silverlight) and plug-ins like Flash, and installing protective add-ons like NoScript, AdBlock, and Ghostery.
  6. Don't use ADMIN-privileged accounts for daily work. Create one or more user accounts (either locally if necessary or through directory services) that won't allow software to be installed via web browsers or other online apps.
  7. If you suspect a computer has been infected, stop using it for sensitive activities until it's been "dis-infected." Again, many security appliances can help you identify and quarantine infected devices.

And, of course, users should be educated about all of the usual precautions they should be following as computer/Internet users. In this case, start by not clicking on those ads.

Again, it's unfortunate that even more of everyday Internet use is potentially unsafe... but the steps to fend off malvertising are basically the security precautions companies and individuals should already be following.
