I recently received a couple of questions about malvertising in my askeset@eset.com inbox. AskESET@eset.com is used only to field general security questions; I cannot and do not offer product support.
Malvertising is a compound word. “Mal”, in this case, is short for malware, which means malicious software. “Vertising” is the advertising portion of the word, so malvertising is advertising that uses malware.
The questions asked were as follows:
In short, my two main questions are: 1.) Is it in fact possible for a user to become infected from one of these attacks without intervention (i.e. can infection occur without agreeing to download and run malicious executables)? and 2.) If these attacks are being propagated through known and trusted websites, what constitutes the best line of defense, particularly in the face of rapidly changing threats that may be unrecognized by security software?
To answer the first question… anything is possible. While it is common for the advertisements to lead to fake security software, or other attack software that a user must download or run, there is no reason that a criminal could not or would not try to exploit an unpatched vulnerability in the operating system, browser, or third-party software. For this reason, in addition to being very picky about what you believe, download, or run, it is important to keep your operating system and all third-party applications patched. Programs like iTunes, QuickTime, Flash, and Acrobat are not Microsoft products, but they have frequently had vulnerabilities that can result in the compromise of your computer. I recommend regular scans at www.secunia.com for home users to make sure they know what they need to patch.
Sometimes these attacks are propagated through trusted websites. The advice to stick with known and trusted websites is still excellent advice, but you have to realize there is always some degree of risk. It’s great advice not to drink and drive, but it doesn’t mean that you avoid all accidents by following that advice. Keep in mind that when you visit a trusted site and click on an advertisement, you are leaving the trusted site. Keeping informed about the latest threats and how to avoid them makes a lot of sense.
Randy Abrams
Director of Technical Education