Latest revision as of 17:20, July 8, 2016

Security is an important, regularly discussed topic in modern times, and will forever be as such. Cyber criminals have been finding new ways to victimize innocent users of the Internet for various purposes - usually extorting money (stealing credit card details, or holding the user's contents to ransom by forcibly encrypting them and asking for a fee to have them returned). There are many aspects of security that are important, but the one that is relevant here is malvertising (a portmanteau of malware and advertising).

What is malvertising?

Malvertising is the practice of using advertisements to spread malware.

How does that happen?

There are various methods:

  • Webmasters have their websites compromised, and the hackers introduce the malicious adverts
  • Poor or no checking of the ads given to the companies who host them, which allows rogue ads through
  • Insecure websites with vulnerabilities that allow attacks such as XSS (cross-site scripting)

Does it require user interaction?

Plugins such as Java and Adobe Flash have an incredibly ludicrous record of ridiculous exploits. However, there are other methods too - simply visiting a website can let malicious server-side code (PHP or C#, for example) run and allow the malware through. This is called drive-by downloading.

Some bad adverts are able to redirect the user from the legitimate website to rogue websites so the malware can run, and these redirecting adverts are considered malvertisements too.

What's more, these rogue websites host special malware called exploit kits, which aim to increase the chance of a drive-by download succeeding. These deliberately scan your browser for vulnerabilities to exploit; software which is merely a few days out of date is incredibly vulnerable to this, because the malware authors are quick to update their malware.

So the answer is no, you do not have to interact with a webpage in order to be infected. You could be visiting a legitimate page and, unbeknownst to you, be redirected and become a victim of drive-by downloading.

What are the possible consequences?

Java plugins are meant to run in a sandboxed environment, meaning they should not affect anything outside its boundaries (the browser). However, many vulnerabilities have been found that allow arbitrary code execution to take effect outside of your browser. The malware, once downloaded, can run instantly, and some will do so silently, in absolute secret from the user. Java is just one example of this happening - it can be any plugin or server-side language.

Once the arbitrary code is able to run without your permission, the hackers could do anything they like to your device, and subsequently to the contents on it. This might be deleting, editing, locking or copying the files.

How do you defend against this?

Cyber criminals are so advanced that even tech-savvy users can easily become victims. As they aim to compromise advertising networks and major websites for maximum victim exposure, you can take the following measures:

Common Sense

It's always a good idea to visit websites you trust and know aren't malicious. Torrent sites and adult content sites are more likely to contain malvertisements than others.

Antivirus

As a standard defence, antivirus is advised. However, most will not detect malvertising, as it's hard to detect due to the vulnerabilities being exploited in the browser. Still, it's better than nothing.

Up-to-date Software

Since a lot of these malvertisements exploit known software vulnerabilities, you should always keep your software updated to patch these holes.

Uninstall Obsolete Updates

It was only a couple of years ago that Java began removing the old versions after installing the new one. Legacy malvertisements may be able to take advantage of older Java versions, so you should definitely remove the older versions.

Restrict Plugins

Java and Adobe Flash are loved by cyber criminals because they have so many exploits. Therefore you should consider restricting them or, even better, removing them completely. Both plugins are superseded anyway by safer alternatives.

Extensions

These are all free to use!

NoScript

NoScript provides excellent defence against scripts. You can make it so JavaScript, Java, Adobe Flash etc. only run on websites you trust. As malvertisements come from vendors external to the website visited, they can be prevented from running their payloads.
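
The default-deny idea behind this kind of script blocking, as an added example (not NoScript's code and not part of the original post). The hostnames, the page URL and the function names are constructed for illustration.

```javascript
// Default-deny script allowlisting by exact hostname.
// All hosts below are constructed sample values, not real ad networks.
const PAGE_URL = "https://example-wiki.test/wiki/Blog";
const TRUSTED_HOSTS = new Set(["example-wiki.test", "static.example-wiki.test"]);

// Resolve a script's src against the page URL; null if it cannot be parsed.
function resolveScript(src, pageUrl) {
  try {
    return new URL(src, pageUrl);
  } catch (e) {
    return null;
  }
}

// A script may run only if it is fetched over http(s) from a trusted host.
// Exact host matching means a lookalike such as
// "example-wiki.test.lookalike.test" is not mistaken for the trusted site.
function isAllowed(src, pageUrl, trusted = TRUSTED_HOSTS) {
  const url = resolveScript(src, pageUrl);
  if (url === null) return false;
  if (url.protocol !== "https:" && url.protocol !== "http:") return false;
  return trusted.has(url.hostname.toLowerCase());
}

// Split a page's script sources into those that would run and those blocked.
function partitionScripts(sources, pageUrl, trusted = TRUSTED_HOSTS) {
  const allowed = [];
  const blocked = [];
  for (const src of sources) {
    (isAllowed(src, pageUrl, trusted) ? allowed : blocked).push(src);
  }
  return { allowed, blocked };
}

// Constructed sample: the site's own scripts plus third-party ad scripts.
const SAMPLE_SOURCES = [
  "/load.js",                                  // same site, relative path
  "https://static.example-wiki.test/skin.js",  // trusted static host
  "https://ads.adnetwork.test/serve.js",       // external ad vendor
  "//cdn.adnetwork.test/banner.js",            // protocol-relative, external
  "https://example-wiki.test.lookalike.test/x.js", // lookalike host
  "data:text/javascript,void 0",               // inline data: script
  "http://[bad",                               // malformed URL
];

console.log(partitionScripts(SAMPLE_SOURCES, PAGE_URL));
```

Only the first two sources end up in `allowed`; everything served from outside the trusted hosts, including the ad vendor's scripts, is blocked before it can run.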

Adblock (Plus)

One little-known benefit of blocking ads is that it prevents malvertisement execution, as the payload never reaches the user's browser.

Web of Trust

This extension is community driven and will let you know a website's rating. If the rating is incredibly poor, it will automatically prevent you from accessing known detrimental websites.

Why did you post this on Wikia?

Because Wikia has adverts. Even if you register as a user, you can still see adverts, such as on the main page. Wikia will probably not be compromised, but I have seen XSS attacks in the past affect Wikia (see below), and ad vendors can sometimes go rogue, or are compromised themselves.

8tcBY.png

Note there are further measures you can take to protect yourself - I am merely scratching the surface on this subject. Most cost nothing to implement so I hope you take action to protect yourself. Should you encounter a bad ad on Wikia, you can report it here.

Community content is available under CC-BY-SA unless otherwise noted.