Content

Update: Threat of the month – Drive-by malware

What is it?

Malware embedded in banner ads can infect visitors who are visiting aninnocent website. MySpace was affected in this way, and more than amillion users were hit.

How does it work?

An attacker posing as an advertiser places ads containing malware orcompromises another advertiser's content to serve up malware to thetarget site's visitors. When users visit the target site, the malware isserved up from the advertiser along with the ad.

Should I be worried?

Two distinct threats exist: your users may be at risk, since sitefiltering will not block ads served up at legitimate sites affected thisway, and zero-day exploits are likely to beat your anti-virusprotection. And then there is the potential damage to your brand andreputation if your own company's sites are affected by such an attack.Both are serious threats.

Also, a steady stream of reports of XSS vulnerabilities at high-profilenetworking sites suggests that these sites will continue to be abused bymalware writers, adding another high-volume vector to the existingemail, IM, and p2p mass-distribution techniques.

What can I do about it?

Ensure that browser security is as tight as possible, though there is ausability limit. The Firefox browser is a good choice for security andusability, and its NoScript extension is an excellent way to lock downdrive-bys and other unwanted scripts.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.