Monday, 11 January 2016

More on malware

I've been quiet on malware for a while. That isn't because I've stopped receiving it - it's because I also want to talk about other stuff. But today, I got a large number of "invoices". They were all doc files.

SHA256 DE9DCC1777A3B26124442739B6E8FB30E7E142660697F14C09809B4FCAFC0C59

Jotti: Eset, Kaspersky and Quickheal flagged them, 18 other products didn't.
Metascan: All 43 products passed it as clean
VirusTotal: Arcabit, Mcafee and Trend flagged it. 51 products passed it as clean. My upload was the first time Virustotal had seen it.
Payload Security: Malicious. That's based on them sending it to VirusTotal.

So it's the same story. Malware is emailed out, probably in large numbers, nearly all products don't spot it (and even those that do, there's some doubt) and your only defence is that you're not silly enough to open a doc file from a supplier you know.

And, of course, suppliers continue to send out invoices as doc files, acclimatising people to the trick.

In related news, Forbes has been malvertising again. I like that word! It mean, malware delivered to your browser via advertising.

What happens is, advertising is sold my middlemen agencies; they take your money to display your ad, and they pay money to various web sites to display your ad. So you only have to deal with one agency, instead of dozens of web sites. And a web site only has to deal with one agency, instead of dozens of advertisers. A good idea, obviously.

Enter the Bad Person. Bad Person pays the ad agency to display their ad, but the ad includes malware that will install somethnig bad on the user's computer. Obviously, the ad agencies should be checking the ads they accept carefully. Obviously, they don't. Until they do, the only prudent course for users is to install ad blockers.

Forbes has form, they've done this before , last September. But this time they went one better. Forbes doesn't like ad blocking, because it hits their revenue. So they recently started blocking access to their site if you use an ad blocker.

So Forbes ask you to disable your ad blocker. But if you do, you get hit by malware.

Something has to change. I just went to, and I was greeted by "Hi again. Looks like you’re still using an ad blocker. Please turn it off in order to continue into Forbes’ ad-light experience".

No chance. I'll forgo the Forbes' ad-light experience, in the interest of not having my computer taken over.

But whose fault is this? The ad agency, or Forbes? Well, of course, it's the fault of the Bad Person who put up the malware on the ad agency's site. But I think that the contract between an ad agency and the web sites who pay them, has to include a guarantee, with penalties, that there's no malware in the ads. Because you can't ask the Bad Person to take on that job!

No comments:

Post a Comment