November 10, 2015
Malvertising: The Latest Malware Threat
There’s a new threat when it comes to malware. Malvertising uses third-party ads on legitimate websites to infect computers with little to no interaction.
According to Computerworld, malvertising can exploit zero-day vulnerabilities in Adobe Flash to run commands through the browser on the victim computer’s operating system. The virus is also difficult to detect because of additional encryption.
Similar to the Stagefright vulnerability on Android devices from this past summer, this vulnerability is unique because it doesn’t take a large amount of user interaction to infect a computer. With Stagefright, a simple text message could infect an Android device, without even being opened by the recipient. And before you knew it, any trace of the message and infection would be gone.
The malware known as Angler Malware is particularly frightening because it can be found on mainstream news sites (e.g. The Wall Street Journal) as opposed to less credible websites where one would typically encounter malware, so web filtering won’t save the day.
As Wired points out, no one expects to be infected with a virus when visiting sites like YouTube and Reuters, and this is exactly what malvertising relies on. They use trusted destinations ‘as a lure’ before attacking the unsuspecting user.
This brings up a unique challenge for users and IT professionals. Typically, there was a rule of thumb to follow to decrease your chances of coming across malvertising. However, this changes the game in that you can’t predict where you may be infected. While it may be impossible to avoid malvertising all together, your best bet is to of course have the most up-to-date anti-virus software, and as always make sure you have a BCDR solution in place. In the event your data is corrupted, you want to be able to avoid costly downtime and data loss.