The recent discovery of the AdGholas malvertising campaign gives a whole new meaning to the idea of secret code. As the first to utilize steganography in a malware campaign, AdGholas operated successfully and stealthily since October 2015 before being discovered.
To infect its targets, AdGholas’ malware incorporates malicious coding into secret messages that it then hides among ordinary text in everyday advertisements across the web. The cryptographic script then lies dormant until presented with the opportunity to infect an unprepared and unprotected computer, at which point it creates chaos on an unsuspecting user’s computer.
Researchers Determined That AdGholas Placed Malicious Ads on 113 Domains, Including The New York Times
To get a handle on the situation, researchers from Proofpoint have built a virtual machine and conducted a series of tests to determine how the malicious code conducts its attack. Basically, if the code likes the user’s profile and if it determines it can launch a successful attack, it’s open season for invasion on the victim’s computer. The code is sophisticated enough to focus its attacks on users with the weakest defenses, and it leverages the Angler and Neutrino exploit kits to target its victims and infect them with malware.
AdGholas successfully coded malicious ads on 113 domains, including The Verge and The New York Times — and generated one to five million hits in traffic each day.
Malvertising Is More Sophisticated and Adaptive Than Ever Before
Exploit kit-based malvertising isn’t going anywhere—except up in sheer numbers. With the disruption of AdGholas, more sophisticated malvertising campaigns will undoubtedly be developed to take up the reigns.
Since malvertising criminals function by gaming the system, it is extremely difficult to detect and even harder to defend against. The most successful malvertising makes headway by pretending to be a legitimate site or a harmless advertisement—and basically running clean ads as long as necessary to seem reputable. Once they have enough clout to access high-volume, lucrative sites, they begin the second phase of their invasion by inserting malicious codes.
How Can I Defend My Business Against Malvertising?
In order to protect yourself against malvertising and other malicious software campaigns, follow these basic protocols:
1. Install a Reputable Anti-Virus Program That Handles Exploit Kits
Install a reputable antivirus program that identifies and neutralizes exploit kits. If your current program doesn’t handle this important task, reach out to your managed IT services provider or do some independent research and install a program that does. An effective antivirus program that targets exploit kits will monitor plug-in and browser operation and block any exploits that probe your computer for vulnerabilities.
2. Be Suspicious of Any and All Plug-In Requests
Don’t give plug-ins the opportunity to launch without your approval. If you have any browser plug-ins that you don’t use, uninstall them and set all those remaining to click-to-play. Java and Adobe’s Flash are the most vulnerable elements in your system, so pay particular attention to them when they request permission.
In most cases, you won’t need to run a plug-in to accomplish your task — but sometimes a website will require it. You have the option at this point to skip town and move on to another site to avoid any potential problems.
3. Update, Update, Update
You’re probably tired of hearing it, but updates need to happen — and they need to be performed regularly to have any protective effect. Be sure all browsers, operating systems, and plug-ins are current and up-to-date. The types of security vulnerabilities that exist on outdated browsers and operating systems are tailor-made for cybercriminals, and exploit kits, in particular, thrive on them.
4. Install Ad-Blocking Software
While controversial, ad-blocking software will prevent most malvertising campaigns from gaining access to your system—but it isn’t 100% effective, and viewing it in this way can lead to a false sense of security. Another downside is that many ad-blockers block more than just advertising and can totally disrupt harmless transactions like pop-ups for calendar check-ins and website checkouts. Additionally, many websites will limit the content they display if they detect ad-blocking software.
While malvertising is dangerous and may seem uncontainable based on its methods of infection and propagation, taking the proactive steps outlined above can dramatically reduce your chances of being infected.
403Tech Inc is your local managed IT services and cybersecurity specialist. If you are concerned that your business’s IT systems might be vulnerable to attack, contact us at (403) 215-7506 or send us an email at [email protected] for more information.