Legitimate sites present a network security risk when they serve up malware

Posted by Geraldine Hunt on Wed, Jan 8th, 2014

There is no doubt web ads are a contributing factor to malware infestations. People are now so conditioned to ads that when real malware appears no-one can identify it. Next thing you know, a company IT network is in trouble. Not to mention how annoying and counterproductive some ads can be.

Even legitimate site can serve up malware due to unscrupulous ad networks.

Some of these Ads are delivering malware whether the ads go to a legitimate site or not. Malware has been served through banner ads at legitimate websites also, even big names like yahoo.com and you tube have ended up serving malware due to unscrupulous ad networks.  The problem isn't in the sites themselves; it's in the ads. That ad could come from anywhere. Often when you load a web page, that page makes "calls" to third-party servers that host content (images and ads) that are syndicated to thousands of public-facing websites. When criminals attack an ad network, their malware is syndicated and sent to sites where those ads go — including legitimate sites. Does that justify blocking all advertisement as a security risk?  

Ads that appear frequency include ‘System Update’ ads claiming to help speed up a user’s PC, anti-virus update ads many of which are fake. These ads when clicked may or not go to a malicious site even if they are legitimate the level of add-ins dumped after clicking invariably slows down your PC to a crawl resulting in frustration and lost productivity. In a company all systems updates, including anti-virus and system performance issues need to be handled by an IT Pro!

What’s the minimum an IT manager can do to safeguard network security against threats from online ads?.

Did you know that Internet users are 21 times more likely to become infected by visiting a legitimate online shopping site than by visiting a site used for illegal file-sharing (according to Ciscos’ security report).?  Business and industry sites are one of the top three categories visited when a malware encounter occurred. So what’s the minimum an IT manager can do to protect against potential threats from online ads.  With the increased hostility of the internet  some IT Pros feel companies need to totally block these web advertisements believing that there’s no upside for an organisation to allow ads — they take up employee time, affect productivity, waste bandwidth, and represent a security risk. This is often done via a firewall policy or using a content filtering solution like WebTitan which not only blocks malicious URLs but can also be used to  block ads too.

Others believe that blocking ads can be too restrictive especially when it blocks or impedes legitimate work.  Sometimes restrictions are justified, or an evaluation may determine that something must change. After all, employees will be hard-pressed to tell you why they need to access porn or gambling at work; that restriction would certainly be justified.

So what about exceptions -  a situation where an employee finds having ads block is in some way restricting their work and a request is made for the block to be lifted. One option is whitelisting users who need that and setting up ad block for their browser. Another option may be to set up Click to Play for scripts on websites. Both of these options could be a suitable compromise. But should there be exceptions - surely exceptions negate any protection benefits you gain from blocking these ads?

I’d be very interested to hear what you think, is blocking ads being too restrictive? Has anyone found a successful balance?