According to reports, users are apparently far more likely to encounter malware when Web browsing as opposed to...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
checking email, and that Web-borne malware is harder for antimalware systems to detect. Why is this? How can organizations shift their tactics to successfully combat Web-based malware?
Ask the Expert
Have questions about enterprise information security threats for expert Nick Lewis? Send them via email today! (All questions are anonymous)
Attacks that occur over an encrypted session make it more difficult for network security devices to detect malicious traffic, while endpoint security tools often struggle to detect rapidly changing malware. In this case, email systems, including Web mail, usually use encrypted connections, whereas compromised websites use encryption less often. Many email systems transfer email encrypted over the network and only would be detected if an SMTP server in the SMTP path (where the server has access to the unencrypted data) scanned it for malware and phishing, or stripped out the malicious contents. Compromised websites that aren't using SSL/TLS can be scanned while exiting the source network, in transit or entering the endpoint's network. This scan can be performed in a similar manner to an email scan, but could also block an outbound connection initiated by malware along with the malware from the compromised website. Some endpoint security products do detect malware while browsing the Web, though. This can be done by analyzing the network traffic on the computer or monitoring a Web browser's behavior. Browsers found to be using non-standard proxy settings, running slowly or that have had their home page and search default changed are likely compromised.
Attacks evolve to target the weakest link in infosec defenses and tend to target the widest audience possible. Whether it be an attacker using compromised systems for distributed denial-of-service attacks or targeted attacks aimed at large financial institutions, attackers will choose whatever method is most likely to get them the compromised hosts they want. As long as websites are built without the proper encryption options, attackers will look to take advantage via Web-based malware.
Dig Deeper on Malware, virus, Trojan and spyware protection and removal
Related Q&A from Nick Lewis
A new POS malware downloads a RAM scraper to avoid detection. Expert Nick Lewis explains the tricks MajikPOS uses to target retail terminals and how ...continue reading
An Apache Struts vulnerability is still being exploited, even though it has already been patched. Expert Nick Lewis explains why the Struts platform ...continue reading
A revamped Poison Ivy RAT campaign has been using new evasion and distribution techniques. Expert Nick Lewis explains the new attack methods that ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.