Antimalware tools and techniques security pros need right now
A comprehensive collection of articles, videos and more, hand-picked by our editors
I read about a new attack from the Vonteera adware family that can actually disable antimalware software on endpoint...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
devices. How does Vonteera accomplish this, and what can enterprise security programs do to prevent this adware attack?
Vonteera is like old school adware that an end user might intentionally install on his computer because he thinks it will give him exclusive coupons, sale price notifications and more. What he really gets is an immense number of ads that are difficult to stop and practically take over the computer. Vonteera sets up several scheduled tasks and browser helper objects to display the ads. It also has functionality to monitor that it isn't being removed.
The Vonteera adware disables antimalware software on endpoint devices by setting the software signing certificates used by an antimalware software vendor to "untrusted." This turns a Windows security feature against the antimalware software. Windows has functionality for only allowing signed software to run, which can prevent malware, but when the list of approved certificates is changed, it can be used to disable the antimalware software.
Antimalware tools take several different steps to protect themselves from being disabled: running as a service, using elevated privileges and implementing a monitoring agent to ensure the main application is working, among others. Antimalware tools should now also monitor the certificate store and software restriction policies to ensure their applications are not disabled by malware.
Enterprise security programs can prevent this malware and the Vonteera adware attack by following the essential endpoint security guidance from Securosis or using the more comprehensive Microsoft security baselines.
Ask the Expert:
Have a question about enterprise threats? Send it via email today. (All questions are anonymous.)
Find out why your organization needs endpoint antimalware protection
Read about the most effective antimalware products
Learn how to defend yourself against fileless malware
Related Q&A from Nick Lewis
The Fruitfly Mac malware has decades-old code, but has been conducting surveillance attacks for over two years without detection. Expert Nick Lewis ...continue reading
A Gmail phishing attack brought users to fake login pages designed to look like Google's. Expert Nick Lewis explains how users can prevent similar ...continue reading
A HummingBad malware variant, HummingWhale, was discovered being spread through 20 apps on the Google Play Store. Expert Nick Lewis explains the ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.