According to reports, users are apparently far more likely to encounter malware when Web browsing as opposed to checking email, and that Web-borne malware is harder for antimalware systems to detect. Why is this? How can organizations shift their tactics to successfully combat Web-based malware?
Ask the Expert
Have questions about enterprise information security threats for expert Nick Lewis? Send them via email today! (All questions are anonymous)
Attacks that occur over an encrypted session make it more difficult for network security devices to detect malicious traffic, while endpoint security tools often struggle to detect rapidly changing malware. In this case, email systems, including Web mail, usually use encrypted connections, whereas compromised websites use encryption less often. Many email systems transfer email encrypted over the network, so malicious content would only be detected if an SMTP server in the SMTP path (where the server has access to the unencrypted data) scanned it for malware and phishing, or stripped out the malicious contents. Compromised websites that aren't using SSL/TLS can be scanned while exiting the source network, in transit or entering the endpoint's network. This scan can be performed in a similar manner to an email scan, but could also block an outbound connection initiated by malware along with the malware from the compromised website.

Some endpoint security products do detect malware while browsing the Web, though. This can be done by analyzing the network traffic on the computer or monitoring a Web browser's behavior. Browsers that are found to be using non-standard proxy settings, are running slowly, or have had their home page and search default changed are likely compromised.
Attacks evolve to target the weakest link in infosec defenses and tend to target the widest audience possible. Whether it be an attacker using compromised systems for distributed denial-of-service attacks or targeted attacks aimed at large financial institutions, attackers will choose whatever method is most likely to get them the compromised hosts they want. As long as websites are built without the proper encryption options, attackers will look to take advantage via Web-based malware.
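The browser-settings indicators mentioned in the answer (non-standard proxy settings, a changed home page) can be checked mechanically. The following is an added example, not part of the original answer: it audits the contents of a Firefox `prefs.js` file against a baseline. The choice of Firefox, the baseline values and the sample profile are all assumptions made for illustration.

```python
import re
# Assumed organizational baseline; every value here is hypothetical.
ALLOWED_PROXY_TYPES = {0, 5}   # Firefox: 0 = direct, 5 = use system proxy settings
ALLOWED_HOMEPAGES = {"https://intranet.example.com/"}
PREF_RE = re.compile(r'^user_pref\("([^"]+)",\s*(.+)\);\s*$')

def parse_prefs(text):
    """Parse Firefox prefs.js text into a dict of name -> str, int or bool."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line.strip())
        if not m:
            continue  # comments and blank lines
        name, raw = m.group(1), m.group(2).strip()
        if raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif raw.lstrip("-").isdigit():
            prefs[name] = int(raw)
        else:
            prefs[name] = raw.strip('"')
    return prefs

def audit(prefs):
    """Return findings for proxy or home page settings outside the baseline."""
    findings = []
    ptype = prefs.get("network.proxy.type", 5)  # 5 is the Firefox default
    if ptype not in ALLOWED_PROXY_TYPES:
        detail = None
        if ptype == 1:    # manual proxy: report where traffic is being sent
            detail = f'{prefs.get("network.proxy.http", "?")}:{prefs.get("network.proxy.http_port", "?")}'
        elif ptype == 2:  # proxy auto-config (PAC) URL
            detail = prefs.get("network.proxy.autoconfig_url")
        findings.append(("proxy", ptype, detail))
    home = prefs.get("browser.startup.homepage")
    if home is not None and home not in ALLOWED_HOMEPAGES:
        findings.append(("homepage", home))
    return findings

# Constructed sample profile contents, not taken from a real host.
SAMPLE = '''
// Mozilla User Preferences
user_pref("network.proxy.type", 1);
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 8888);
user_pref("browser.startup.homepage", "http://search.example.net/?src=hp");
'''
if __name__ == "__main__":
    for finding in audit(parse_prefs(SAMPLE)):
        print(finding)
```

A finding is a prompt for investigation rather than proof of compromise, since users and legitimate software also change these settings.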