pixel_dreams - Fotolia

Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

Malvertising: How can enterprises defend against malicious ads?

Malicious ads are becoming an increasing threat vector. Expert Nick Lewis explains how to defend your enterprise against the risks of malvertising.

The effects of malvertising are expected to worsen as attacks exploiting Web ads are becoming more sophisticated than ever before. What are some of the best ways to combat malvertising threats?

Mitigating malvertising or malicious ads threats requires a layered strategy that should already be part of an enterprise's information security program for protecting endpoints from malware. Most malvertising ends up exploiting the same vulnerabilities as other malware, but uses ad networks for initial infection.

Some of the most famous malvertising attacks were by the Fluffi Bunni against leading information security vendors; in 2001 Fluffi Bunni compromised an ad network to deface the SecurityFocus website. More recently, Bromium security researchers presented at the Virus Bulletin conference about malvertising attacks utilizing the Yahoo ad network.

Attackers have now learned that compromising a user where they already are is much easier than going out and attacking the user's computer (This could also account for the rise in watering hole attacks).

While ad networks could protect their networks from being used in an attack, many of the steps needed to do so may also prevent legitimate customers from using their services; many ad networks may want to maintain an out-of-band approval mechanism for accounts or even ads.

Ad networks could add validation to reduce the chances that a customer could be compromised or a new malicious customer created. Validation could include vetting potential customers by requiring legal business paperwork and two-factor authentication, scanning potential ads for malicious content prior to publishing the ad, or potentially converting Flash ads to animated gifs or other types of content.

Webhosts could also mitigate malvertising attacks by periodically checking their websites from an unpatched system and monitoring it to see if any malicious activity is detected. If malicious ads are detected, they could then be disabled by the webhost.

To reduce the risk of malvertising attacks affecting the enterprise, security teams should follow general endpoint antimalware advice such as keeping up to date with patches, not running as an admin and so on. Using a network antimalware tool may be more effective against this attack because ad networks don't generally use HTTPS; a network antimalware tool could monitor and block malicious full HTTP connections.

Ask the Expert:
Perplexed about enterprise security? Send Nick Lewis your questions today. (All questions are anonymous.)

Next Steps

Learn more about the ever-expanding malvertising threat.

This was last published in April 2015

Dig Deeper on Malware, virus, Trojan and spyware protection and removal