Monday, December 21, 2015

Be Merry This Holiday: Be Careful Where You Click

Hey everyone - With the holidays right around the corner, you might be scrambling for that perfect holiday gift.  You might be buying that gift online.  Even though we have seen breaches at large stores like Target, Home Depot, and Neiman Marcus, information compromise can happen when shopping from your computer at home.

It is always a good idea to be careful where you click.  Phishing domains or other malicious websites are becoming better and better at impersonating legitimate sites.  However, you also need to worry about the advertising on sites.  Here is an example of why: Malvertising hits DailyMotion and Serves Up Angler EK.  While DailyMotion is not a shopping website, it is not too far fetched to believe that malicious ads could appear just about anywhere.

I am a bit surprised that we have not seen more incidents like this before.  This technique would probably not be good for targeting a specific person, but it is a good way of gathering bots for a botnet.  Because of targeted advertising, this may be a good way of targeting a group of people by catering to things that people in that group might be interested in.

You probably already know to be careful about clicking links in e-mails, even from people you know.  The same principle applies when clicking on an advertisement.  Beyond the privacy implications, it can be difficult to tell where an ad will finally take you (just like a link in an e-mail).  An ad usually does not go directly to the site shown in the ad.  It usually jumps through a few hops so that advertising providers can track what site the ad was clicked on and correlate the ad with any other information the advertising provider has on you.  This happens very quickly, so unless you are looking for it, this activity might be hard to see.

The problem here was that the group that paid for the ad was not selling anything at all.  They were using the ad network as a conduit for delivering malware.  Since most people do not monitor their web traffic very closely, the group probably figured they could get a few victims before they were caught.

So what steps can you take to protect yourself?  Not everything on this list might be worth doing for you depending on how you browse the Internet, but it provides something to think about.
  1. Use a pluigin in your browser that allows you to selectively block JavaScript (the delivery mechanism for a lot of malware through a browser).  There are plugins such as ScriptSafe for Chrome and NoScript for Firefox.  Unfortunately, disabling JavaScript breaks a lot of websites, and it can be tough to know what you need to whitelist and what you do not want to whitelist.  Typically, you want to whitelist the site you are visiting.  Beyond that, it depends on the site.  This is definitely not the most user-friendly solution, and many people end up whitelisting just about everything, so the plugin is not really doing anything.  This will not keep you 100% safe (if the whitelisted website you are visiting has been hacked and is serving up malware, this will not stop it, but that is what defense in depth is for).
  2. Use a plugin in your browser to disable ads.  uBlock Origin is a popular ad-blocker and is available for both Chrome and Firefox.
  3. If you want to buy something from a site, visit it directly instead of through an ad.
  4. In addition to arming your browser, it is a good idea to keep your operating system, software, and malware protection up to date.
 Have a happy and safe holiday season.  Thanks for reading!

No comments:

Post a Comment