Remote control: FireShark discovered that some content on the site howtofindmyIP.com comes from dubious sites hosted in the Ukraine.
Websense
The researchers at Websense plan to release a plug-in for the Firefox browser that will reveal the content hubs that a site is linked to.
"The interesting thing about all of this is when attackers are using, say, DoubleClick as the vector of attack," says Tom Pinckney, cofounder of the Web security firm SiteAdvisor, which was bought by McAfee in 2006, and now vice president of engineering for the recommendation site Hunch. "For many attacks, someone buys the content on the ad network, but the guy who is actually supplying the content on the page--God knows who that is."
SiteAdvisor offers a plug-in that provides a service that's similar to what FireShark offers. McAfee used a data center full of virtual PCs to troll the Web for malicious sites, evaluating links and submitting unique e-mail addresses that are then monitored for spam.
FireShark delves deeper than SiteAdvisor by decoding the HTML, JavaScript, and other code embedded in each Web page it parses, looking for the ultimate source of content, even if it's redirected multiple times. "FireShark gives a more in-depth view of what is going on," Chenette says.
Maxim Weinstein, executive director of StopBadware, a nonprofit organization that helps create lists of malicious websites, says FireShark could be an interesting tool for researchers. The caveat, he says, is that anomalous behavior is not always malicious. "The patterns that look bad are often good things--just anomalous," he says.
Tracking the way sites are connected over time could also help identify malicious changes to sites, Chenette says. He adds that the FireShark browser plug-in may eventually let users feed information about the sites they visit back to Websense.
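The tracing described above, following embedded content through several hops to the host that ultimately serves it, can be sketched as follows. This is an added illustration, not FireShark's code (which the article does not show): the pages and hosts are constructed, only HTML-level embeds and meta-refresh redirects are followed, and the script decoding FireShark performs is left out.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed pages on hypothetical hosts; a real crawler would fetch these.
PAGES = {
    "http://news.example/":
        '<img src="/logo.png"><iframe src="http://ads.example/slot"></iframe>',
    "http://ads.example/slot": '<meta http-equiv="refresh" content="0; url=http://cdn.example/r">',
    "http://cdn.example/r":
        '<iframe src="//far.example/unit"></iframe><script src="http://ads.example/t.js"></script>',
    "http://far.example/unit": "<p>ad</p>",
}

class RefParser(HTMLParser):
    """Collect URLs a page embeds (src attributes) or redirects to (meta refresh)."""
    def __init__(self, base):
        super().__init__()
        self.base, self.refs = base, []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag in ("iframe", "script", "img", "embed") and a.get("src"):
            self.refs.append(urljoin(self.base, a["src"]))
        elif tag == "meta" and (a.get("http-equiv") or "").lower() == "refresh":
            _, _, target = (a.get("content") or "").partition("=")
            if target.strip():
                self.refs.append(urljoin(self.base, target.strip()))

def content_chains(start, pages=PAGES, max_depth=10):
    """Return {third-party host: chain of hosts leading to it from start}."""
    first_party = urlparse(start).hostname
    found, seen = {}, set()
    stack = [(start, [first_party])]
    while stack:
        url, chain = stack.pop()
        if url in seen or len(chain) > max_depth:
            continue
        seen.add(url)
        parser = RefParser(url)
        parser.feed(pages.get(url, ""))  # URL not in the sample set: treated as a leaf
        for ref in parser.refs:
            host = urlparse(ref).hostname
            if not host:
                continue
            path = chain if host == chain[-1] else chain + [host]
            if host != first_party:
                found.setdefault(host, path)  # keep the first chain seen per host
            stack.append((ref, path))
    return found
```

For the sample pages, `content_chains("http://news.example/")` shows that `far.example` is reached only through `ads.example` and `cdn.example`, a relationship that is not visible in the first page's own markup.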
If a legitimate website has a new advertiser, why can't they have effective ID? If I'm selling something on eBay, they have my credit card, bank routing number and great grandmother's birthday.
Quote: "but the guy who is actually supplying the content on the page--God knows who that is." This seems lame. If their home address is Belarus or New Jersey, you know damn well they are scallywags.
flared0ne
395 Comments
Biggest issue to be dealt with:
"Rotating" ad presentations -- those ads which cycle through like a slide show -- are quite popular because "change" attracts the eye, catches the attention, delivers the message just that little bit more effectively. Not to mention how slide shows boost overall revenues by placing multiple advertisers...
They also create a major headache for anyone attempting to monitor the ad-server for malware -- any monitoring process claiming "due diligence" must stay focused for a minimum of (at LEAST) one slide show cycle; i.e., the malicious code may only be present in a low percentage (say, one or two out of a hundred) rotating ads; a percentage calculated to drop irate report rates below some arbitrary threshold for "take action", and offsetting those reports with "but I was just there and didn't see anything"...
AND because the sequence of ads can be dropping cookies (to track delivery, etc), the actual hidden malware presentation, tied to an otherwise normal advertisement, can be scripted to only get pulled in to strike on a second rotation, which could even be on a later visit. All for the purpose of lulling the victim into a false sense of "been here, done this, nothing to worry about", AND making detection many times more difficult.
Stormfield
1 Comment
Re: Biggest issue to be dealt with:
These 'ads' can be somewhat mitigated by turning off 3rd party cookies, and certainly stopped cold with Firefox and the "NoScript" add-on.
Microsoft hacks of FFox should also be disabled (.NET Framework, Windows Presentation Foundation, Silverlight).
Any use of add-ons that empower JavaScripting should be considered as "fair game" to hackers.