Malvertising: Malware in advertising

I read a webroot e-mailer today about “malvertising”.  The interesting thing about it that caught my eye and I never thought about is that advertisers like Google, LinkedIn, FaceBook <- a.k.a by me as “Big Brother” have information on visitors like demographics, software versions of your browser, plugin versions like Flash Player, and more!

What this does is gives your vector away to a potential attacker that you have a vulnerable plugin or browser.  This then clues them in on HOW to attack you and if you’re possibly even a valuable target. They can then craft ads that will follow you online and embedded in that ad will be the malware package that either tricks you or actually downloads, executes and does something – you better pray it doesn’t encrypt your data!  Ever look for something like a car online only to have it seemingly stalk you online on other websites?  That’s what we’re talking about!

How can you possibly keep up on the hacker losers and their schemes?

Firewall-Z that’s how.  By default we enable DNSBL’s – a.k.a (I like using a.k.a) – Domain Name System Block List.  Yes – that’s right, BLOCK.  You can block ads with plugins however, what you really want to do is block them at the firewall.  This is important so you can centrally manage and track if needed any block list including the DNSBL’s and ad blocking to protect you at the edge.  It also takes overhead off your desktop, laptop or devices.  Moreover, not all devices can use a block list – like Safari and the iOS – I believe you have to go out of your way to install one, manage it and it’s a headache.  You want your block lists at the edge – on your firewall.

We integrate by default 5 vetted block lists and a custom block list of our own.  We whack’m when we see’m meaning we personally maintain additions or deletions of advertising URL’s into our block list like one I found today when showing a customer how we do what we do!

Advertiser:  http://ads.mlive.com

We’re so clever…if you work with us you’ll be clever too! I found it because I saw 1 ad on mlive (dot)(com).  I then hovered over it and saw the new ad domain they use and if you go there it’s a blank page but if you dig into it the page properties you also see their sneakyness.  They also hide a tracking pixel and you can see it here:  http://a614.mlive.com

I’ll say this – most websites are spying on you, they aren’t your friend and you shouldn’t trust them nor should you trust the Internet.  Oh wait…don’t trust them but you can trust me (smile).

By the way, YES the a614.mlive.com might look like nothing but in the middle of the page if you look closely you’ll see a TRACKING pixel.  A tiny dot, it might look like a screen blemish on your screen but it’s not!  Now, to our point.  Can we block ads?  Yes but more importantly we protect your information and vector.  We’re continually working to build our lists and many of them are updated by others automatically.  Protecting your vector, not giving away what you have, what you’re using, what versions you have or personal information about you is even MORE important than you might think.  It’s not about blocking annoying ads that fill your screen but protecting the vector!

Buying a managed firewall from Firewall-Z isn’t supporting one company and protecting you but we spread the wealth.  For every subscription 15% goes to our neighborhood watch.  The list makers and hacker whackers.

Free hardware and a low monthly subscription is available!

Leave a Reply

Your email address will not be published. Required fields are marked *