I recently wrote about how the Angler malware threat had affected my company. Adversaries have been buying space on legitimate advertising banner services, embedding malware in their fake ads, and using the unsuspecting ad agencies to serve their malware through legitimate websites to users, who might be innocently browsing major news and financial websites. It continues to be a problem for me.
Today, for example, I got an alert about an infection attempt via a training website. I’m also seeing an increasing number of Angler infection attempts coming via Web searches. The malware-bearing search results all look the same: seemingly random text from some old book, probably some classic of literature, that doesn’t make any sense in the context of the Web search. That doesn’t matter, though; it’s just there to serve up malware to any unsuspecting users who click on the search result. One of my users was hit yesterday while trying to find a hiking website in India.
I used to think my life would be much easier if I could just put a stop to personal Web surfing from my company’s network. But that was before legitimate Web browsing, such as checking financial news or even using a work-related training website, started serving up tainted advertisements. Of course, it never would have been feasible to block non-work-related activity, but now it wouldn’t even solve the problem. I certainly can’t block every website that has now become a threat.