A recent report from Damballa claims ransomware evolved out of a click fraud attack. How does this work? I understand...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
that low-risk attacks can sometimes cause more serious damage, but we don't have the staff or resources to investigate every low-level attack. Should certain issues be prioritized?
Malware authors are trying to find any way to potentially profit from their malicious code, and that includes click fraud attacks. This goes back to the origins of adware, spyware and malware where if a security tool found a malicious cookie, many security professionals would ignore the cookie or delete it rather than further investigate. This extends to potentially unwanted programs and other executable software. If click fraud malware is profitable for attackers, they will continue to use it. But if more profit can be made with minimal additional risks for the malware author, updating her existing malware to use a different "monetization" module in the malware might make sense. The malware could include several different ways to monetize the compromised endpoint for the malware author to profit. As Damballa reports, malware can be quickly adapted to avoid being detected by antimalware tools and to incorporate new and more malicious functionality, such as ransomware.
The concern over investigating every low-level attack is a significant one for most institutions. Part of the issue is that it is difficult to know if click fraud malware has now decided to include functionality for ransomware or destructive malware. An enterprise could use risk assessments based on the data security requirements to drive prioritization for investigating low-level malware. For example, if click fraud malware is found in a payment card environment, it should be investigated immediately, but that same malware would probably not need to be investigated on a guest wireless network.
Using an antimalware tool that's rapidly updated as changes are detected in the vendor's customer base will help reduce the time it takes to determine if additional investigation of low-level threats is necessary. Using a threat intelligence service that monitors many different networks to complement your existing endpoint and network-based antimalware tools can also help identify when malware has changed tactics from just click fraud to ransomware.
Dig Deeper on Malware, virus, Trojan and spyware protection and removal
Related Q&A from Nick Lewis
When NSA cyberweapons went public, attackers bundled them into the EternalRocks malware. Nick Lewis takes a closer look at this new threat and ...continue reading
A Google Docs phishing attack used OAuth tokens to affect more than a million Gmail users. Nick Lewis explains how it happened, and how to defend ...continue reading
A vulnerability in Microsoft's Windows Defender antivirus tool left users open to remote code exploitation. Expert Nick Lewis explains how it ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.