Skip to main content
Blog
25 Nov 2015

Shock News: Trusted Sites Serve Malware in Ads

Yes, I know. We shouldn't really be particularly surprised that a legitimate site - even one the size of Yahoo - has ended up mistakenly serving some form of badware through their advertising networks.

It’s not the first time. Yahoo hit the headlines for malware related problems in 2014, when an affiliate traffic pushing scheme targeted Yahoo users with malware served through adverts on the Yahoo website, and now it’s happened again.

Ad revenue on the Internet is hard to live on at the best of times, and we can expect "lowest cost" behaviours, including, but not limited to, fairly rudimentary checks on the intentions of advertisers.

The obvious thing to do here is to bleat on about the efficacy of having a web filter in fighting some of those attacks - you've read that before, hey, you may have even read it before from me.

Fill in this section on your own, as an exercise for the reader. You probably also know how important HTTPS interception is - of course, this malware was served over HTTPS, wouldn't want any pesky insecure mixed content now, would we?

Again, I’ve expounded at length on the subject. No HTTPS scanning = no security. Don't accept "blacklists" of sites that get MITM scanned: the delivery site won't be on that list, and your malware sails on through free and easy.

The thing I want to mention today is the other big secret of content filtering: some web filters only apply the full gamut of their filtering prowess to sites that are not already in their blocklists.

This is wonderful for performance. It might even mean you only need a single web filter to provide for a huge organisation - but when a "trusted" site, that's already "known" to the web filter, bypasses some of the content filtering in order to save a few CPU cycles you may be getting a false economy.

Further Reading
Farewell to the 2018 SAFE Masterclass Roadshow
19 Oct 2018

Farewell to the 2018 SAFE Masterclass Roadshow

By Lauren Atkinson Read More
Introducing Smoothwall’s New Whitepaper - Digital Safeguarding: A School’s Complete Guide to Active Monitoring
09 Oct 2018

Introducing Smoothwall’s New Whitepaper - Digital Safeguarding: A School’s Complete Guide to Active Monitoring

By Lauren Atkinson Read More
Smoothwall's Women in Tech Series: Daniela Villarreal
08 Oct 2018

Smoothwall's Women in Tech Series: Daniela Villarreal

By Daniela Lackhoff Read More