How Strongarm Can Protect You Against Malvertising

September 22, 2016

In the last 24 hours alone, we’ve seen four attempts to hit Strongarm customers with malvertising. While these attempts were thwarted using our DNS blackhole, it’s a good reminder that this sneaky and powerful form of malware is on the rise. We wanted to tell you a little more about what malvertising is, how it works, and how you can stop it from wreaking havoc in your network.

What Malvertising Is

Malvertising is a type of attack where criminals purchase web advertisements and then stuff malicious code into them. This malicious code is often composed of “exploit kits.” In case you’re wondering, an exploit kit is a set of software that can scan your machine for vulnerabilities and exploit them to deploy malware on your network. Much like “good” software, exploit kits are continually updated with new and increasingly effective strategies that they can use to find vulnerabilities and deploy malware.

Normally, when it comes to malware, someone somewhere on your network has to click on a “bad link” for anything to happen. That’s the case with phishing emails and many other types of attacks. What’s particularly sneaky about malvertising is that users don’t need to click anything at all. The attack can start as soon as an affected web page is loaded.

The goal of most malvertising campaigns is to load money-stealing malware onto the victim’s machine. Often this comes in the form of credit card “scrapers,” which steal your credit card information. Lately, however, malvertising has been shifting toward ransomware distribution. As this trend continues, we believe that ransomware infections are going to go through the roof.

Where Malvertising Happens

So where exactly are these malvertisements hanging out?

Unfortunately, malvertising can be found on any website, not just the “sketchier” corners of the internet (as recently learned the hard way). Malvertising is often used as a “watering hole” attack, which means that attackers are targeting a specific group of people who are likely to visit a certain site.

Since ads are purchased through ad networks and displayed based on your browsing history and other data, there’s not really any way to predict which exact ads will pop up on which websites at which time. So unless you want to give up the internet and go back to the Stone Age, malvertising is pretty tough to run from (don’t worry; we’ll cover defense in a moment).

The RIG Exploit Kit

As we mentioned earlier, this week has been a big one for malvertising. Specifically, we’ve stopped quite a few attempted attacks from the RIG Exploit Kit, which is now spreading quickly via malvertising.

According to CSO Online, the RIG exploit kit, which also goes by the name Goon, has been making waves since 2013. While some other exploit kits pop up and go away periodically (such as Angler), RIG has been slow and steady since then. This week, it’s been a particular nuisance.

How to Protect Against Malvertising

You might be wondering: Won’t my firewall and antivirus stop malvertising? Unfortunately, the answer is probably not. As we’ve written about before, firewalls and antivirus are like Swiss cheese when it comes to malware. Your firewall definitely will not help, and your antivirus will only help if it happens to know about all new versions of malware (which is often not the case).

You probably would be able to prevent malvertising from appearing in your browser using an adblocker, but adblockers won’t stop the many other types of malware that are out there, like phishing, botnets, or Trojans. Using an adblocker to prevent malware is like putting up an ankle-high fence around your vegetable garden. You’ll only stop a small portion of the pests who want to eat your tomato crop. The rest will hop (or fly) right over.

The best way to protect yourself from malvertising is to use specialized malware protection like Strongarm, which uses DNS blackholing technology coupled with comprehensive threat intelligence to prevent these ads from ever appearing in your browser. It will also, simultaneously, protect you from every other type of malware out there.

Don’t believe us? Just ask the four customers who got an email just like this in their inboxes this week:

Subj: Strongarm infection this morning

Dear Customer,

I wanted to check in on the infection that Strongarm stopped this morning for you. It’s a malicious ad site that is serving up the RIG exploit kit. These exploit kits are nasty and find any unpatched web browser vulnerabilities, then load ransomware or other financially motivated malware.

There’s nothing for you to do. Strongarm stopped the download of the exploit. Since it was served up via an ad, your user didn’t do anything wrong. They were probably just doing their job.

Let me know if you have any questions!
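To make the DNS blackholing step described in this post concrete, here is an added example (not Strongarm's code) of how a blackholing resolver can decide on and build its reply: it parses the queried name from a DNS packet, matches it and its parent domains against a blocklist, and answers with a sinkhole address instead of the real one. The blocklist entry, sinkhole address and function names are assumptions made for illustration.

```python
import socket
import struct

SINKHOLE_IP = "192.0.2.1"              # constructed: TEST-NET-1 address standing in for a sinkhole
BLOCKLIST = {"ads-malicious.example"}  # constructed threat-intelligence entry

def parse_qname(packet, offset=12):
    """Read the QNAME of the first question; return (name, offset just past it)."""
    labels = []
    while True:
        length = packet[offset]
        if length == 0:
            return ".".join(labels).lower(), offset + 1
        if length > 63:  # compression pointers do not belong in a query's QNAME
            raise ValueError("unexpected label length")
        labels.append(packet[offset + 1:offset + 1 + length].decode("ascii"))
        offset += 1 + length

def is_blocked(name, blocklist=BLOCKLIST):
    """Match the name and each parent domain on label boundaries."""
    labels = name.rstrip(".").split(".")
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))

def blackhole_response(query):
    """Return a sinkhole reply for a blocked name, or None to forward upstream."""
    name, end = parse_qname(query)
    if not is_blocked(name):
        return None
    qtype, _qclass = struct.unpack("!HH", query[end:end + 4])
    answer = b""
    if qtype == 1:  # A query: answer with the sinkhole address
        answer = (b"\xc0\x0c"                           # pointer to the QNAME at offset 12
                  + struct.pack("!HHIH", 1, 1, 60, 4)   # TYPE A, CLASS IN, TTL 60, RDLENGTH 4
                  + socket.inet_aton(SINKHOLE_IP))
    # Other record types for a blocked name get an empty answer instead of being forwarded.
    header = query[:2] + struct.pack("!HHHHH", 0x8180, 1, 1 if answer else 0, 0, 0)
    return header + query[12:end + 4] + answer

def build_query(name, qtype=1, txid=0x1234):
    """Constructed sample input: a minimal recursive query for `name`."""
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split(".")) + b"\x00"
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", qtype, 1)

if __name__ == "__main__":
    for host in ("track.cdn.ads-malicious.example", "www.example.org"):
        reply = blackhole_response(build_query(host))
        print(host, "->", "sinkholed" if reply else "forwarded upstream")
```

Because the match walks parent domains, any subdomain an ad network rotates through under a listed domain is sinkholed too, and the browser never opens a connection to the real host.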


Want to get peace of mind from malvertising, for just $3 per user per month?

Register for Strongarm free today.

We won’t charge you a cent until we stop at least one attack for you.
