The effects of malvertising are expected to worsen as attacks exploiting Web ads are becoming more sophisticated than ever before. What are some of the best ways to combat malvertising threats?
Mitigating malvertising, or malicious ad, threats requires a layered strategy that should already be part of an enterprise's information security program for protecting endpoints from malware. Most malvertising ends up exploiting the same vulnerabilities as other malware, but uses ad networks for the initial infection.
Some of the most famous malvertising attacks were carried out by Fluffi Bunni against leading information security vendors; in 2001, Fluffi Bunni compromised an ad network to deface the SecurityFocus website. More recently, Bromium security researchers presented at the Virus Bulletin conference on malvertising attacks that used the Yahoo ad network.
Attackers have now learned that compromising users where they already are is much easier than going out and attacking each user's computer (this could also account for the rise in watering hole attacks).
While ad networks could protect their networks from being used in an attack, many of the steps needed to do so may also prevent legitimate customers from using their services; many ad networks may want to maintain an out-of-band approval mechanism for accounts or even ads.
Ad networks could add validation to reduce the chances that a customer could be compromised or a new malicious customer created. Validation could include vetting potential customers by requiring legal business paperwork and two-factor authentication, scanning potential ads for malicious content prior to publishing the ad, or potentially converting Flash ads to animated GIFs or other types of content.
Webhosts could also mitigate malvertising attacks by periodically checking their websites from an unpatched system and monitoring it to see if any malicious activity is detected. If malicious ads are detected, they could then be disabled by the webhost.
To reduce the risk of malvertising attacks affecting the enterprise, security teams should follow general endpoint antimalware advice, such as keeping up to date with patches, not running as an admin and so on. Using a network antimalware tool may be more effective against this attack because ad networks don't generally use HTTPS; such a tool could monitor full HTTP connections and block malicious ones.
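As a complement to the periodic webhost check described above, the following added example (not from the original article) takes a static inventory of the active content a page embeds and flags third-party items that come from a host outside an approved list, load over plain HTTP, or are Flash files. The hostnames, the approved-host list and the sample page are constructed for illustration; a static inventory does not replace browsing the site from a monitored test system.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Tags that pull in active content, and the attribute that holds its URL.
EMBED_ATTRS = {"script": "src", "iframe": "src", "embed": "src", "object": "data"}

# Constructed sample page (hypothetical hosts), standing in for fetched HTML.
SAMPLE_HTML = """<html><body>
<script src="/js/site.js"></script>
<script src="https://ads.example.net/tag.js"></script>
<iframe src="http://ads.example.net/slot1.html"></iframe>
<embed src="http://cdn.example.org/banner.swf">
</body></html>"""


class EmbedAuditor(HTMLParser):
    """Collects (url, reasons) findings for third-party active content."""

    def __init__(self, page_url, approved_hosts):
        super().__init__()
        self.page_url = page_url
        self.page_host = urlparse(page_url).hostname
        self.approved = {h.lower() for h in approved_hosts}
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attr = EMBED_ATTRS.get(tag)
        url = dict(attrs).get(attr) if attr else None
        if not url:
            return
        full = urljoin(self.page_url, url)  # resolves relative and //host URLs
        parts = urlparse(full)
        host = (parts.hostname or "").lower()
        if host == self.page_host:
            return  # first-party content is out of scope for this check
        reasons = []
        if host not in self.approved:
            reasons.append("unapproved-host")  # not a contracted ad network
        if parts.scheme == "http":
            reasons.append("plain-http")  # no transport integrity for the ad
        if parts.path.lower().endswith(".swf"):
            reasons.append("flash")  # candidate for conversion to static media
        if reasons:
            self.findings.append((full, reasons))


def audit_page(html, page_url, approved_hosts):
    """Return findings for one page's HTML, in document order."""
    auditor = EmbedAuditor(page_url, approved_hosts)
    auditor.feed(html)
    return auditor.findings
```

Ad tags often load further content at run time, so an empty result here only covers what is present in the served HTML.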
Ask the Expert:
Perplexed about enterprise security? Send Nick Lewis your questions today. (All questions are anonymous.)