A new combination of techniques aimed at distributing malicious software, dubbed 'malvertising' (the confluence of malware and advertising), is rapidly spreading across the Internet. Malvertising is the latest spin on the covert installation of malware / spyware through the use of online advertisements hosted on well-known web and social networking sites. Currently the malvertising market is considered a multibillion-dollar global business.
A string of incidents in recent weeks has increased concerns: one such incident installed a variant of the Win32/Alureon Trojan. The Trojan was slightly modified to elude antivirus signatures and, once installed, downloaded additional malicious software from the web to manipulate search results by redirecting users to sites of the attacker's choosing.
Popular web sites hit by a series of recent malvertising attacks include The New York Times, Lyrics.com, Slacker.com and Horoscope.com, all of which get millions of visitors every day. Some reports indicate that users who have suffered damage from malicious advertisements may even sue the owners of web sites where the malware appeared.
Did you know...
- While the online advertising market has recently seen significant declines, recent polling suggests that 50% of respondents think it will decline further and 50% think online advertising will begin to rebound as the economy picks up.
- By the end of 2009, malvertising may infect hundreds or thousands of reputable sites and be seen by tens of millions of users.
- A malicious ad took over The New York Times website, popping up a window that showed a bogus virus scan and then prompted users to buy antivirus software to fix a problem that did not exist.
The Bottom Line:
Malvertising is a double-edged sword for organizations with advertising websites. Not only do they have to worry about their own end-users becoming infected from other sources, they also have to ensure they are not inadvertently hosting malvertising for their customers. And, as with all security issues, once the biggest targets have protected themselves, attackers will move on to less well-known sites that lack adequate protection.
Solutionary can work with content providers to ensure that they have the proper education, policies, procedures, and tools to prevent malvertising from being hosted on their websites. For everyone else, threats to user endpoints are continuously being invented, evolving, and being revived; the only defense is a strong security program and execution that includes the following:
- Restricted rights to end-users enforced through configuration and policies
- Endpoint OS and software patch management in place, effective, and monitored (Adobe Flash is a common target for malvertising)
- Endpoint anti- (virus, spyware, malware) software and definitions current and monitored
- Endpoint HIPS / network IDP and log monitoring to prevent / detect infections quickly
- Security awareness: appropriate use of and security threats to user endpoints
Solutionary can provide managed service and assessments to ensure your security program is protecting and defending your user base against threats including malvertising.
November, 2010


