According to reports, users are apparently far more likely to encounter malware when Web browsing as opposed to...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
checking email, and that Web-borne malware is harder for antimalware systems to detect. Why is this? How can organizations shift their tactics to successfully combat Web-based malware?
Ask the Expert
Have questions about enterprise information security threats for expert Nick Lewis? Send them via email today! (All questions are anonymous)
Attacks that occur over an encrypted session make it more difficult for network security devices to detect malicious traffic, while endpoint security tools often struggle to detect rapidly changing malware. In this case, email systems, including Web mail, usually use encrypted connections, whereas compromised websites use encryption less often. Many email systems transfer email encrypted over the network and only would be detected if an SMTP server in the SMTP path (where the server has access to the unencrypted data) scanned it for malware and phishing, or stripped out the malicious contents. Compromised websites that aren't using SSL/TLS can be scanned while exiting the source network, in transit or entering the endpoint's network. This scan can be performed in a similar manner to an email scan, but could also block an outbound connection initiated by malware along with the malware from the compromised website. Some endpoint security products do detect malware while browsing the Web, though. This can be done by analyzing the network traffic on the computer or monitoring a Web browser's behavior. Browsers found to be using non-standard proxy settings, running slowly or that have had their home page and search default changed are likely compromised.
Attacks evolve to target the weakest link in infosec defenses and tend to target the widest audience possible. Whether it be an attacker using compromised systems for distributed denial-of-service attacks or targeted attacks aimed at large financial institutions, attackers will choose whatever method is most likely to get them the compromised hosts they want. As long as websites are built without the proper encryption options, attackers will look to take advantage via Web-based malware.
Dig Deeper on Malware, Viruses, Trojans and Spyware
Related Q&A from Nick Lewis
The CryptXXX ransomware has been spreading through compromised legitimate websites that redirect to malicious sites. Expert Nick Lewis explains how ...continue reading
Attackers can use the SandJacking attack to access sandboxed data on iOS devices. Expert Nick Lewis explains how to protect your enterprise from this...continue reading
Malicious Windows BITS tasks set up by attackers can reinfect systems even after the malware has been removed. Expert Nick Lewis explains how to ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.