Antimalware tools and techniques security pros need right now
A comprehensive collection of articles, videos and more, hand-picked by our editors
I read about a new attack from the Vonteera adware family that can actually disable antimalware software on endpoint...
devices. How does Vonteera accomplish this, and what can enterprise security programs do to prevent this adware attack?
Vonteera is like old school adware that an end user might intentionally install on his computer because he thinks it will give him exclusive coupons, sale price notifications and more. What he really gets is an immense number of ads that are difficult to stop and practically take over the computer. Vonteera sets up several scheduled tasks and browser helper objects to display the ads. It also has functionality to monitor that it isn't being removed.
The Vonteera adware disables antimalware software on endpoint devices by setting the software signing certificates used by an antimalware software vendor to "untrusted." This turns a Windows security feature against the antimalware software. Windows has functionality for only allowing signed software to run, which can prevent malware, but when the list of approved certificates is changed, it can be used to disable the antimalware software.
Antimalware tools take several different steps to protect themselves from being disabled: running as a service, using elevated privileges and implementing a monitoring agent to ensure the main application is working, among others. Antimalware tools should now also monitor the certificate store and software restriction policies to ensure their applications are not disabled by malware.
Enterprise security programs can prevent this malware and the Vonteera adware attack by following the essential endpoint security guidance from Securosis or using the more comprehensive Microsoft security baselines.
Ask the Expert:
Have a question about enterprise threats? Send it via email today. (All questions are anonymous.)
Find out why your organization needs endpoint antimalware protection
Read about the most effective antimalware products
Learn how to defend yourself against fileless malware
Related Q&A from Nick Lewis
Researchers developed aIR-Jumper, an exploit that leverages lights within security cameras to extract data. Learn how this attack works and how to ...continue reading
The com.google.provision virus reportedly targets Android users, but little is known about it. Nick Lewis discusses the mystery threat and how Common...continue reading
A bug in Microsoft's Internet Explorer update exposes information that users enter into the browser's address bar. Learn more about the bug and URL ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.