New form of malware preys on outdated, buggy software that people don’t update
The security community has been surprised this year by a new form of malware that can infect your computer simply by your visiting a popular, trusted website.
The malware is called “malvertising” because it is dispensed through a website’s ad network. Malwarebytes.org explains:
Malvertising is a silent killer because malicious ads do not require any type of user interaction in order to execute their payload. The mere fact of browsing to a website that has adverts (and most sites, if not all, do) is enough to start the infection chain.
Without your knowledge a tiny piece of code hidden deep in the advert is making your computer go to criminal servers. These then catalogue details about your computer and it’s location, before choosing which piece of malware to send you. This doesn’t need a new browser window and you won’t know about it.
The first sign will often be when the malware is already installed and starts threatening money for menaces, logging your bank details or any number of despicable scams.
It’s important to realize that anyone can be infected without engaging in any risky behavior. You don’t have to click anything, you just have to be scanning headlines, looking at the weather forecast or watching a video.
Yahoo visitors victimized
For example, 6.9 billion visitors visited Yahoo in July, the month it was unknowingly dishing out infected advertisements (since there are only 7 billion people on earth, there must be repeat visitors in that figure). The only thing people did wrong to become infected was visit Yahoo.
Of course Yahoo responsibly put an immediate stop to the malvertising campaign once they learned of it, but the damage was done.
These clusters of criminal code are secretly dotted around the Internet, hiding on invisible landing pages. When you encounter one, your computer is automatically catalogued. The Exploit Kit builds up a picture of what everyday software you have running, such as browsers, PDF readers, Flash Player, Java, and most importantly whether any of these have flaws, called vulnerabilities. It is basically looking at your computer for known holes to exploit.
After figuring out which of these weaknesses are present, it uses pre-built ‘exploit’ code to force this hole wide open. This essentially leaves your computer at the mercy of the attacker, allowing them to install whatever malicious software they want, bypassing many security software programs.
Not just Yahoo
Yahoo hasn’t been the only compromised site. Drudge Report, Weather.com, wunderground.com, findagrave.com, webmaila.juno.com, my.netzero.net, and sltrib.com have all been victims of malvertising in recent weeks.
Did you visit Yahoo or one of those other sites in July and August? Your infection is not guaranteed, but you may want to run an antivirus scan on your entire computer. If anything turns up, change your passwords.
How does this happen?
When you visit any site that presents ads, that website references other websites to deliver those ads. Those other ad-delivering websites may be doing bad things that eventually install something called an Exploit Kit:
These clusters of criminal code are secretly dotted around the Internet, hiding on invisible landing pages. When you encounter one, your computer is automatically catalogued. The Exploit Kit builds up a picture of what everyday software you have running, such as browsers, PDF readers, Flash Player, Java, and most importantly whether any of these have flaws, called vulnerabilities. It is basically looking at your computer for known holes to exploit.
After figuring out which of these weaknesses are present, it uses pre-built ‘exploit’ code to force this hole wide open. This essentially leaves your computer at the mercy of the attacker, allowing them to install whatever malicious software they want, bypassing many security software programs.
This doesn’t happen overtly and it typically works in one of two different ways. Either a piece of malicious code hidden in plain sight on the website, or an advert displayed on the page itself is infected. Both methods immediately redirect you to the Exploit Kit without showing any signs to the user. Once there, if you have vulnerabilities on your computer, it’s game over.
What you can do
- Set your OS, browser, Adobe Flash and PDF Reader, Java, and all browser plugins to automatically update. IMPORTANT – when the little window comes up saying do you want to update now, always click YES
- Disable Java and Flash. Better yet, uninstall them and avoid the few remaining websites that still use them.
- Stop using Internet Explorer!!! It’s riddled with security holes. Use Firefox – better privacy and security protection
- Install script-blocking plugins in your browser such as NoScript. They will block javascript code from running on your computer when you visit a website unless you specifically enable it. More on this in a separate article.
- If you visited Yahoo this summer, perform an antivirus scan on your entire computer. If anything turns up, change all your passwords.
- Consider installing an anti-exploit blocker such as the freemium one offered by Malwarebytes.
A word about ad-blockers
If this malware is installed via advertisements, wouldn’t an ad-blocker protect me? Yes, of course!
However I am against installing ad-blockers because that is how all of the wonderful websites you visit stay alive. If everyone blocked all the ads, your favorite websites would go away. Besides, if you do all of the more comprehensive steps listed above, you won’t need an ad-blocker.
Clik here to view.
malvertising infographic
The post If You Don’t Automatically Update Your Software, Malvertising Has Probably Already Claimed Your Computer appeared first on Easy Security Online.