Thanks, Michael,
This was a disturbing report. If I understand the message clearly, Web sites that have been considered "trustworthy" by (a sort of) default mentality can be hacked (perhaps that is not the right word) to deliver malware. Who can we trust?
Do you know of any major industries, banks for example, that may have been affected?
Ed
1 Vote
Contributor
The bad guys try hard to keep their malcode as inconspicuous as possible, so it is hard to say which sites are affected. The best thing you can do is make sure your computer's operating system and application software are up-to-date. There are other options, but they sacrifice convenience.

I wrote about banks and malware a few years ago, but some of it is still relevant:

http://www.techrepublic.com/blog/security/on-line-banking-how-safe-is-it/2409
I've been saying this for the last couple of years.
Malware from advertising networks was the initial attack vehicle, as website developers had no control over what ads were being shown.
1 Vote
I was just accosted by a popup that insisted I click a box to confirm my membership! I tried reloading the page, but was kicked off TR, and had to navigate back to this article from a Bing search! Maybe TR is the new watering hole for malware writers? Good thing I have EMET configured!

Anyway - I just wanted to add that lately it has become very difficult to acquire zero day exploits from the usual resources. When fellow honeypot testers started getting no bites from the usual web sites, they had to change tactics, because the old way of doing it resulted in dead links or failed to extract truly zero day bugs.

Now the best source is to get a junk email account and simply open as many spam attachments as you can, to throw at the VM environment for testing. This has just been in the last two months - so Michael, your Cisco guys are right - the threatscape is constantly changing - and trying to keep up with it is like bobbing around in a storm on a piece of wooden flotsam from the last shipwreck I was on!

I couldn't agree more with their assessment.
I believe it might be just a check of your log in information.
That's par for the course. I see that periodically, usually in conjunction with a variety of other site misbehaviors.

Michael, I don't think it's any kind of scheduled account check. I usually log on to TR on a Monday and don't log off until Friday. Sometimes I'll go for several weeks without seeing this problem; when it happens, I'll see it several times in an afternoon.
I was making an assumption as it seemed that way to me. I should know better.
0 Votes
The news kept reporting increasing numbers of legitimate websites being infected with drive-by malware; it went from the tens of thousands to hundreds of thousands within just two years. So this news is not quite as shocking - to me anyway.
Advertising networks hit the New York Times and other big name sites, but I did not realize the extent portrayed by the Cisco report.
Did the study mention some safe ones?
1 Vote
Contributor
I was not privy to that information.
0 Votes
Yes!..
JCitizen 9th Feb
Inquiring minds want to know!?! LOL! laugh
my favorite web sites ARE porn sites! grin
1 Vote
Contributor
Who would be the first to say that. Congratulations.
Geez, tough audience. devil
0 Votes
Contributor
(NT)
I'm waiting for -1 votes to require a comment, or at least the voter's member name.
0 Votes
Contributor
Figures
dcolbert@... Updated - 7th Feb
The thing about the figures in this graphic, is I don't see a granular breakdown of what Dynamic Content and Content Delivery Networks comprise.

I'm thinking that Dynamic Content and Content Delivery are probably drivers in the Pr0n industry, being that it seems unlikely that delivery vectors like Games and Health and Nutrition would show up as individual categories and porn would be entirely absent.
0 Votes
Contributor
It is my understanding those two entities are related to the ad networks that push adverts to websites. The problem being the website developer is not aware of malware being served, as the content is independent of his server and code. The most talked-about case of this was the New York Times.
0 Votes
Contributor
Not that I have any familiarity with the industry, but I think that a lot of porn outlets actually pioneered this method of affiliate and referral content linking.

I think you're right, it is an inherent risk in the fact that these are supposed to be trusted networks of partner sites sharing content with one another and so mainstream sites you wouldn't expect deliver malware and viruses through this vector as well. I just think this segment of the infographic folds legitimate sites with the NSFW ones.

I'll give you another example somewhere between porn sites and respectable mainstream sites...

You ever get sidetracked by those "Trending on the Web" sidebars that deliver external content that is usually sensational, tabloid-style stories? Things like a red circle around a portion of a frame from a movie like Harry Potter, or a story like, "10 things girls don't know they're doing wrong in bed"... Those are the same basic methodology of delivering content that we're talking about here - and those will quickly get you into networks of affiliates that are rife with malware. Those don't really show up as an individual category here, either... but I think it is because they're all included in the two categories you define.
0 Votes
Contributor
I linked my article about malvertising from 2011 in the post and that was when this type of attack began to appear on the radar.

http://www.techrepublic.com/blog/security/malvertising-adverts-that-bite/5694
I just got my first virus in years thanks to your advice!
1 Vote
Contributor
That I must apologize, although I have enough wiggle in the title's word choice to technically be the one to blame. How's that for trying to escape.