The War Against Advertisement Based Malware

Pick and choose what runs and loads, or risk being infected

Steve Smith talks about one of the current vectors of infection, advertisement based malware.

Episode #6-19 released on January 24, 2016

Watch on Youtube

Forbes, MSN, and many thousands of web-sites have something in common, they were or still are plagued by issues with malware embedded advertising, and thus is a significant problem for many visitors coming to legitimate web-sites seeking information, news, entertainment, and more.

I'd like to remind you that this is not necessarily the fault of these particular publishers, but it is the visitor who is most often caught in the crossfire. Running a web-site, as I can even attest to, is not cheap. The majority of users will not pay for content, so a pay wall is usually out of the question, so the easiest way to make money then, is make the visitor the product, which means selling views to advertisers.

Selling views to advertisers is, also, a particularly difficult task, and many programs do exist, but a system managed completely by a platform like Google's Adsense, Bidvertiser, Media.net, etc. are usually used.

Meanwhile, running a web-site, handling databases, handling encryption, creating content, social networking, advertising, etc. makes anymore company too busy to do very much, and all this to say, that the third party advertisement platform is usually picked because of how hands off it truly is. We design pages to contain the advertisements, and the advertisement platform publishes an advertisement in that spot.

However, being from a third party, and not vetted by the web-site publisher, the chances of issues coming up like malware, illicit web-sites, fraud, etc. is an issue, and these days picking the right advertisement platform is just as important as solving the issue of third party vector vulnerabilities. But, in order to protect yourself, you definitely need to know more about how advertisements are usually delivered versus how some advertisers would like to be able to publish their advertisements.

You, also, need to learn how to lock down your browser. There are plenty of ways of protecting yourself if you simply don't run as many plugins in your browser, and block third party scripts from running, which will cause some issues for how web-sites load; however, for scripts for known sources like those that allow standards like Bootstrap, Addthis, etc. to occur you can whitelist them, whilst leaving all the other ones blocked. The majority of advertisements on safe platforms are delivered in a way that usually what you will see are only photos, or text, usually embedded via JavaScript, CSS, html, iframes, etc.

Now, if you know how to access the browser options, you can actually change various settings like cookies, images, JavaScript, Handlers, Plugins, Pop-ups, Location, Notification, Fullscreen, Mouse Cursor, Protected content, Microphone, Camera, Unsandboxed plugin access, automatic downloads, MIDI devices, etc. Cookies can, also, be cut down to first and third party. Tracking cookies are almost always third party, and account access usually limited to first party, so if you want to be able to log into a site, but not be tracked, blocking third party cookies is essential. Images are usually left alone, few viruses are deployed in this manner, but it is not impossible. JavaScript is a tricky one. If all web-sites used HTML and CSS only, then everything would be fine, but even in making my own mobile capable web-site I have resorted to using JavaScript in cases where an alternative does not exist. You can turn it off, and create exceptions for sites you like. Handlers define how protocols work in a browser, you should probably, for now, leave that alone to avoid breaking your experience of the Internet. Plugins, the Internet's pest, these include but are not limited to Java, Flash, etc. Usually set to run important plugins, you may choose to the setting "Let me choose when to run plugin content".

Then pop-ups usually set to "Do Not Allow", make sure you don't change this. Location is useful for GPS based web-sites, weather, etc. and not generic content sites, this is, also, set to ask you for permission, usually. Things like Microphone, Camera, and Unsandboxed plugin access should always ask permission. Unsandboxed plugin access implies that it can access your computer, and is not limited to your browser. Basically, it comes down to this, everything should ask your permission. However, this may not be enough. It is still possible to be infected, even if you absolutely careful. You may want to consider using a service like Adblock Plus. Now, yes I know that various web-sites will block access to their content, and I definitely understand why, however, it is possible to use such a tool in a way that benefits every party, while preventing malware from infecting your computer. And, you can enable on a per web-site basis. Now, whilst blocking advertisements on web-sites makes it harder to make ends meet, and can be constituted as piracy in itself, a very controversial topic, it is important to note, that in this means, you will not be subject to advertisements that are loaded by malware. Although, I would love for them to make it possible to load advertisements by advertising platform, not just domain. Forcing manual plugin activation, allowing scripts manually, keeping everything in the sandbox, and blocking all unwanted content is basically all you can do to stay safe, and online. Otherwise, you might as well disconnect, permanently from the Internet.

Host : Steve Smith | Music : Jonny Lee Hart | Editor : Steve Smith | Producer : Zed Axis Productions

Sources & Resources

Community Comments

Share your thoughts, opinions and suggestions

Login or Register to post Your comment.