Update: Threat of the month - Drive-by malware

By on

What is it?

Malware embedded in banner ads can infect visitors who are visiting an innocent website. MySpace was affected in this way, and more than a million users were hit.

How does it work?

An attacker posing as an advertiser places ads containing malware or compromises another advertiser's content to serve up malware to the target site's visitors. When users visit the target site, the malware is served up from the advertiser along with the ad.

Should I be worried?

Two distinct threats exist: your users may be at risk, since site filtering will not block ads served up at legitimate sites affected this way, and zero-day exploits are likely to beat your anti-virus protection. And then there is the potential damage to your brand and reputation if your own company's sites are affected by such an attack. Both are serious threats.

Also, a steady stream of reports of XSS vulnerabilities at high-profile networking sites suggests that these sites will continue to be abused by malware writers, adding another high-volume vector to the existing email, IM, and p2p mass-distribution techniques.

What can I do about it?

Ensure that browser security is as tight as possible, though there is a usability limit. The Firefox browser is a good choice for security and usability, and its NoScript extension is an excellent way to lock down drive-bys and other unwanted scripts.

Copyright © SC Magazine, US edition
Tags:

Most Read Articles

Log In

Username:
Password:
|  Forgot your password?