- Malware Malvertising: How Malicious Ad Campaigns Are Protected
Attackers protect malvertising campaigns by obfuscating JavaScript and ActionScript code and timing attacks for weekends when ad network staff aren't working. Malicious logic activates after...
- Malware Malvertising: The Mechanics of Malicious Ads
Malicious ads redirect victims through chains of domains to exploit kits or social engineering sites. Flash-based ads embed ActionScript logic that can decide when and whom to attack, evade detection...
- Malware Malvertising: Some Examples of Malicious Ad Campaigns
Malicious banner ads have affected high-profile sites including New York Times, London Stock Exchange, Hoovers, and USNews through networks like DoubleClick, YieldManager, and Microsoft. The Spotify...
- Social Engineering The Targeted Attack Potential of Vanity Web Searches
Vanity web searches create targeted attack opportunities. Attackers can create pages with a target's name, wait for Google indexing, then add malware knowing the person will visit when alerts...
- Risk Management Shrinking vs. Slicing the Pie of Online and Computer Crime
Most security defenses "slice the pie"—making your target less attractive shifts attackers elsewhere without reducing overall crime. "Shrinking the pie" requires disrupting the ecosystem: stronger...
- Web Security Tracking Known Malicious Websites by ETag Identifiers
HTTP ETags can track malicious websites even when attackers rotate domain names for the same malicious server. CompuCom found a single ETag associated with malware that could filter 12 domains and...