I read about a new attack from the Vonteera adware family that can actually disable antimalware software on endpoint...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
devices. How does Vonteera accomplish this, and what can enterprise security programs do to prevent this adware attack?
Vonteera is like old school adware that an end user might intentionally install on his computer because he thinks it will give him exclusive coupons, sale price notifications and more. What he really gets is an immense number of ads that are difficult to stop and practically take over the computer. Vonteera sets up several scheduled tasks and browser helper objects to display the ads. It also has functionality to monitor that it isn't being removed.
The Vonteera adware disables antimalware software on endpoint devices by setting the software signing certificates used by an antimalware software vendor to "untrusted." This turns a Windows security feature against the antimalware software. Windows has functionality for only allowing signed software to run, which can prevent malware, but when the list of approved certificates is changed, it can be used to disable the antimalware software.
Antimalware tools take several different steps to protect themselves from being disabled: running as a service, using elevated privileges and implementing a monitoring agent to ensure the main application is working, among others. Antimalware tools should now also monitor the certificate store and software restriction policies to ensure their applications are not disabled by malware.
Enterprise security programs can prevent this malware and the Vonteera adware attack by following the essential endpoint security guidance from Securosis or using the more comprehensive Microsoft security baselines.
Ask the Expert:
Have a question about enterprise threats? Send it via email today. (All questions are anonymous.)
Find out why your organization needs endpoint antimalware protection
Read about the most effective antimalware products
Learn how to defend yourself against fileless malware
Related Q&A from Nick Lewis
A new POS malware downloads a RAM scraper to avoid detection. Expert Nick Lewis explains the tricks MajikPOS uses to target retail terminals and how ...continue reading
An Apache Struts vulnerability is still being exploited, even though it has already been patched. Expert Nick Lewis explains why the Struts platform ...continue reading
A revamped Poison Ivy RAT campaign has been using new evasion and distribution techniques. Expert Nick Lewis explains the new attack methods that ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.