Syndicated Malware

It’s virtually impossible to browse to a web page these days without embedded advertising. Most of this sort of content gets included through JavaScript retrieved from the ad syndicator’s network (such as Google’s show_ads.js or Yahoo’s ypn.js). Similarly, most web sites also employ some form of analytics, where the tracking is often achieved in the same fashion (e.g. Google Analytics: urchin.js).

The fact that these sorts of externally-hosted scripts are included in just about every web page is what makes this event so alarming. And while it’s not very likely that Google or Yahoo (or any of the hundreds of similar services) will have their content compromised the way 24/7 Media did, it’s still possible for an attacker to spoof DNS (particularly in public wireless environments), or use DNS rebinding (AKA anti-DNS pinning) to cause clients to retrieve the “wrong” JavaScript.

One way for site operators to decrease the risk of compromised third-party JavaScript is to host it locally, as SonicWALL does for its Eloqua analytics. With every script served from the site’s own host, a DNS-based attack against a visitor would have to target the site itself, so it would affect the entire session (rather than just a single element) and would be more difficult for the attacker to arrange or conceal.
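Before a site operator can host third-party scripts locally, they need to know which scripts a page actually pulls from other hosts. The following inventory script is an added example, not code from the original post: it parses a constructed HTML sample (the site name www.example.com and the ad hosts under .test are hypothetical) and separates scripts served from the site’s own host from those fetched from external hosts, including protocol-relative `//host/...` references that are easy to overlook.

```python
"""Inventory which <script src=...> references on a page are third-party.

Added example, not code from the original post. The sample HTML and the
hostnames in it are constructed for illustration.
"""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse


class ScriptCollector(HTMLParser):
    """Collect the src attribute of every <script> tag encountered."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "script":
            return
        for name, value in attrs:
            if name.lower() == "src" and value:
                self.sources.append(value)


def classify_scripts(html, page_url):
    """Return (local, external) lists of absolute script URLs for a page.

    A script counts as local when its resolved URL has the same host as
    page_url. Relative paths resolve against page_url and so are local;
    protocol-relative "//other.host/x.js" references resolve to another
    host and so are external.
    """
    parser = ScriptCollector()
    parser.feed(html)
    site_host = urlparse(page_url).hostname
    local, external = [], []
    for src in parser.sources:
        absolute = urljoin(page_url, src)
        host = urlparse(absolute).hostname
        (local if host == site_host else external).append(absolute)
    return local, external


# Constructed sample page: one site-hosted script, a locally mirrored copy
# of an analytics script, and two ad scripts pulled from external hosts.
SAMPLE_HTML = """
<html><head>
<script src="/js/site.js"></script>
<script src="https://pagead2.example-ads.test/show_ads.js"></script>
<script src="https://www.example.com/analytics/urchin.js"></script>
<script type="text/javascript">var inline = 1;</script>
</head><body>
<script src="//cdn.example-ads.test/ypn.js"></script>
</body></html>
"""

if __name__ == "__main__":
    local, external = classify_scripts(SAMPLE_HTML, "https://www.example.com/index.html")
    print("Locally hosted scripts:")
    for url in local:
        print("  ", url)
    print("Externally hosted scripts (candidates for local hosting):")
    for url in external:
        print("  ", url)
```

Run against a saved copy of a page, the `external` list is the set of scripts whose delivery depends on someone else’s DNS and hosting; each entry is a candidate for the local-hosting approach described above.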

JavaScript pervades the web and web-based interfaces because of its boundless versatility, but it can do some scary stuff. Users can protect themselves against the potential evils of JavaScript gone bad with something like NoScript, but it’s unreasonable to expect adoption by the masses. To mitigate the bound-to-be-increasing risk of ad-based attacks specifically, it might be simpler (and more palatable overall) to use aggressive ad blocking.
