Malicious ads circa 2007

Sometimes the only thing you can say about something boils down to the sound of your palm hitting your forehead. We have been seeing many ways in which criminals try to attack unsuspecting users and take over their PCs. One of them, for quite some time now, has been the use of advertisements as a vehicle to run malicious code in the victim’s browser – also exploiting the fact that these ads show up on the most legitimate sites.

Recently, I ran across an article that “exposes” such a scheme as if it were completely new (see Register article here). My initial response was to tweet about it, as it reminded me of how we covered the same issue some years ago. It was late and I was trying to recall how far back this coverage was, and surprisingly I got it right! 2007…

Having been running this blog, which saves all of my “historical” posts, there is even one dating back to September 2007 here, which references a report I issued for the 2nd quarter of 2007 (meaning it was written in May) and tracks the story published in the Q1 report (which would mean that I almost missed it, and that some of these were tracked back at the end of 2006). Funny how 3-year-old news is reemerging now… For your comfort, here are a couple of excerpts from the original research (find the differences…):

Numerous parties are often involved in getting an ad from an advertiser to a consumer. These include advertisers, ad agencies, advertising affiliate networks, adware makers, software makers, distribution affiliates, distribution affiliate networks, and websites. This complicated network of relationships can make it difficult for advertisers to know exactly where their ads are being delivered.

As websites depend more on advertising revenues, they often display ads from third party advertising networks, over which they have little or no control. While legitimate website owners trust advertisers to display non-malicious content, advertisers sometimes “sublet” their space to others. This hierarchy can often comprise several layers, seriously compromising the level of control the website owner has over advertising content.

Bottom line – same as always. If it works, there is no point in changing anything. Back at the time we were watching sites such as MLB.com, CNN.com and other high-profile ones serve malicious ads, and today the situation is no different. And I thought I had to stay on the cutting edge of research to keep up in this line of business :-)

Keep safe!

Two steps forward, one step back – controlling botnets…

Just stumbled across this: http://www.symantec.com/connect/blogs/google-groups-trojan – basically, botnets are utilizing Google Groups (it could have been any other mailing-list system for the sake of argument) to communicate between the bots (trojans) and their command and control centers.

Funny how technology is sometimes way simpler than you imagine it would be. Compared with the new Twitter-based botnet channels and the fancy Web 2.0 communications available for use (see older post here), utilizing the age-old mechanism of anonymously posting messages on a newsgroup is humbling.

Nevertheless, it’s the same new story (Google Groups was chosen because of the web interface and the uptime reputation), just dressed up in old clothes (pun intended…). The same advice that I gave 2 years ago, last year, and again 3 months ago is still valid – forget about putting out fires (that’s your off-the-shelf AV). Focus on proper mitigation: a solution that shows you how the technology is an extension of the company’s research and forward-thinking attitude. Look for solutions that are more behavioral in nature, in order to identify communications with malicious intent, and act proactively based on the predictions and research done.

Basically – don’t settle for mediocrity!

Stay safe.

Drawing the line – securing an organization while thinking of users…

My latest post on the Israeli Insurance Association (http://www.igudbit.org.il/Index.asp?ArticleID=1235&CategoryID=98 [HEBREW]) discusses the challenges of managing risk in a complex organizational environment where you have to take into account end users meddling with data.

In Israel, insurance agencies are not yet at the stage where they provide insured parties full online access to their insurance and policy information, but they should be getting ready to do so. Some of the considerations and implications of creating the infrastructure for such access are discussed in the article, in light of the risk management requirements set forth by regulation for such organizations. Financial institutions have been facing the same issues for years now, since online banking has become a standard, so it’s a great opportunity to reexamine which policies are applicable and which technologies can be used to enforce them in a very similar environment.