Syndicated Malware

It’s virtually impossible to browse to a web-page these days without embedded advertising. Most of this sort of content gets included through the use of javascript retrieved from the ad syndicator’s network (such as Google’s show_ads.js or Yahoo’s ypn.js). Similarly, most web-sites also employ some form of analytics, where the tracking is often achieved in a similar fashion (e.g. Google Analytics: urchin.js

The fact that these sorts of externally-hosted scripts are included in just about every web-page is what makes this event so alarming. And while it’s not highly likely that Google or Yahoo (or any of the hundreds of similar services) will have their content compromised the way 24/7 Media did, it’s still possible for an attacker to spoof DNS (particularly in public wireless environments), or to use DNS Rebinding (AKA Anti-DNS Pinning), to cause clients to retrieve the “wrong” javascript.

One way for site operators to decrease the risk of compromised third-party javascript is to host it locally, as SonicWALL does for its Eloqua analytics. A DNS-based attack launched against a visitor would then have to target the site’s own domain, affecting the entire session (rather than just a single element), which would be more difficult for the attacker to arrange or conceal.

Javascript pervades the web and web-based interfaces because of its boundless versatility, but it can do some scary stuff. Users can protect themselves against the potential evils of javascript-gone-bad with something like NoScript, but it’s unreasonable to expect adoption by the masses. To mitigate the bound-to-be-increasing risk of ad-based attacks specifically, it might be simpler (and more palatable overall) to use aggressive ad blocking.
