Security Manager's Journal: New ransomware attack hurts trustworthiness of Web
When an infection can result from just calling up a mainstream website, malware becomes harder to battle
Computerworld - Last week, my company was paid a visit by some interesting malware. This time, it was ransomware: malicious software that disguises itself as "security software" but actually holds the system hostage to trick the user into paying money to the software's handlers. This is the same kind of trickery I wrote about when I experienced a FakeAV infection.
Based on that experience, I know this malware is insidious. It embeds itself deeply into the computer, even below the file and operating system levels. There's no point in trying to clean it -- it will just come back. So I instructed the desktop team to wipe the infected computers and reimage them.
We were lucky -- only two users got infected by the compromised ad. The news service displays lots of ads in a rotation, so the chances of getting the compromised one are pretty small, at least on a single visit.
I had my team contact the news service to let people there know about the compromise. Even though it's not their fault directly, they will want to take some kind of action to ensure that other innocent visitors don't experience the same infection. In fact, it's possible the people who run the ad service are unaware that one of their ads is infecting potential customers. There are many ways an attacker can compromise code served up by Web servers, without the knowledge or participation of the webmaster.
I decided the best way to get rid of this particular nuisance is to block the category of all Web advertisements. Who needs them, anyway? (Well as it turns out, some people do -- I received a couple of requests to unblock the ad category, but in general, ads are an annoyance that users don't want). So one outcome of this experience is that my company's Web browsing experience is slightly less annoying than it was before.
More by J.F. Rice
- Security Manager's Journal: A rush to XP's end of life
- Security Manager's Journal: Security flaw shakes faith in Apple mobile devices
- Security Manager's Journal: Cyberattacks just got personal
- Security Manager's Journal: Target breach unleashes fresh scams
- Security Manager's Journal: Giving thanks for SIEM
- Security Manager's Journal: Hashing out secure applications
- Security Manager's Journal: Why the shutdown is like the cloud
- Security Manager's Journal: Thinking about passwords
- Security Manager's Journal: Android panic
- Security Manager's Journal: Auto-forwarded emails could be a huge problem
- Radicati: Cloud Business Email - Market Quadrant 2013 Google was named the top cloud business email provider in a recent report by research firm Radicati. Out of 14 key players, Google...
- Tablets in the Enterprise: A Checklist for Successful Deployment How can you enterprise manage and secure tablets in order to protect corporate data while providing access to the information and applications employees...
- Enterprise Mobility: A Checklist for Secure Containerization The advantages and disadvantages of the multiple approaches to containerization. Learn More>>
- Enterprise File Sync & Share Checklist File sync and share has changed the way people work and collaborate in today's tech-savvy world. Gone are the email roadblocks, clunky FTP...
- Live Webcast LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Security White Papers | Webcasts