Security Sprint – Malvertising

We’re all busy people. A security sprint should take no more than two hours… which while long for a real sprint, it a mere blink of an eye when compared to the multi-year commitment that is proper security practice.

One of the easiest ways for an attacker to get malicious software to a target is to get it running on a popular site. Newspaper and TV sites are popular targets, and since they fund their operations with web-based advertising, that’s where attackers focus. If they manage to compromise an ad server, then they can get their malicious software right on the popular targets without actually having to compromise the targets themselves.

Sadly, this technique is all too effective against the undefended.

Happily for us, it’s easily defended against.

If you run Firefox, you’re in the best shape. There’s an Add On called Adblock Plus. Once you install it, you’ll be prompted to select a subscription from the list. (I just pick the top one.) This list matches most ads and keeps things up to date for you, so if the location of the ad changes, it’s still blocked. So, not only do you not see the annoying ads, but you’re also protected against the “malvertisers”.

I don’t have much direct experience with the non-Firefox browsers, but if you want to use something else, check out Ad Block IE for IE8, IE7Pro for IE7, this technique for combining AdBlock Plus Filters in IE, and PithHelmet for Safari.

I do have to point out that some developers have gotten clever, and code their applications to make sure that ads are loaded, so if you use this trick, expect things like Facebook games not to work. But then, you shouldn’t be playing them anyway.