Web Users Must Stay Extra Wary to Fend Off Stealthy 'Malvertising'

By Wayne Rash  |  Posted 2016-04-02 Print this article Print
Stealthy Malvertising

The fingerprinting will reveal what security products are being used and whether the potential target meets other criteria, and which point it launches the exploit kit.

In addition, the fingerprinting process will then catalog the IP address and won't serve more malware. This makes it harder to track down, and it ensures that they're not trying to infect the same computer more than once. I found this out when I went back to the same Macintosh publication and tried to get the malware blocked again. It didn't reappear.

Fortunately, there are solutions. The most important is to keep your computers rigorously up to date. Being even a few days late in fixing a zero-day vulnerability can open your computer to infection. This also means making sure you have the most current version of the operating system on your computers, so if you're using Windows, it should be Windows 10.

Next, you need to make sure you have the right anti-malware protection on your computer and on your network. This includes having current, up to date, security software on each machine. A good antivirus package is essential, but you also need a behavior-based security package to pick up malware that doesn't match the signatures in your other products.

Your network should have a strong, configurable, hardware firewall of some type. Preferably this should be a next-generation security device that can identify malware through machine learning, but also prevents certain types of traffic from entering or leaving the network.

The best known of these devices come from Barracuda and Palo Alto Networks, but it's important to know that such devices do require administration by someone with a clue, because they're not really plug and play devices.

Finally, there are ad blockers. Segura said that because they prevent ads from being served to your computer, they will also block malicious ads. However, he said that this isn't a sure-fire way to prevent malware delivery and it limits many other things you can do on the internet. Segura said that if ad blockers are broadly used, it will also begin to impact material that's currently available for free on the Internet.

Unfortunately, the obvious step of requiring the ad networks to police what they are distributing on the Web is very hard to do. The writers of malvertising go to great lengths to avoid detection by the ad networks, including by serving legitimate ads for however long it takes before no one notices that the content has changed to malware.

In the meantime, it's up to you and your organization. If you follow the best practices, keep current backups and train your staff, the chances of a successful infection are minimized. Today I was able to catch a malvertising attack. You should be able to do the same.


Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel