Malvertising is a troubling trend

    Over the past few weeks, my company’s employees have been hit by more than the usual number of malware infections. And the reason why is both startling and troubling, because these infections represent a new type of threat that is much harder to avoid than anything we’ve seen before.

    It started three weeks ago when my application firewall sent out an alert about active malware known as the Angler exploit kit on one of my company’s computers. This came as a surprise, because my top-tier desktop antivirus software did not detect the malware, nor did my well-known, network-based malware detection product.

    After some investigation, I found out why my desktop and network antivirus products were essentially blind to this version of Angler. The Angler exploit kit has been around for a couple of years in various forms, and until now it didn’t stand out as a particularly unusual threat. But it turns out that the newest version has some new and improved techniques to avoid detection, such as encryption and the exploitation of zero-day vulnerabilities that haven’t yet been incorporated into the mainstream antivirus products. It also runs only in the memory of the infected computer, instead of installing itself on the hard drive, which is where desktop antivirus products tend to focus their attention. This is the startling part — that the bad guys have found a way to effectively stay invisible.
