There has been another rise in malvertising attacks lately, and we've had several victims in our shop this summer. Many of these campaigns employ exploit kits like Neutrino and Angler to do their damage. This is a relatively new form of attack that I've written about in the past. These exploit kits are able to breeze right by traditional anti-virus software.
Malicious ads (malvertising) can show up anywhere, and many have shown up on trusted sites like YouTube, Yahoo, and MSN, just to name a few. The problem is that they can infect your computer without you even clicking on them. You just have to be in the “right place at the wrong time.” Most exploit kits will invade a website for no more than 24 hours before moving to another host. This makes it more difficult to track them down.
If you have files that you cannot afford to lose, make sure you keep backup copies either on external hard drives or in the cloud. If you get hit by a ransomware attack, you can wipe and reload the system and not worry about losing anything valuable.
Use two-factor authentication everywhere it is made available. Not only will this keep your account safer, you will also have better luck accessing your accounts when you have accidentally locked yourself out.
To protect against spyware, adware, malvertising, etc., make sure your software is updated. Most programs do automatic updates, so you won't have to update them yourself. Watch out for popups warning you about updates. If you receive a popup that says you need to update Adobe Flash or Firefox, go to the Adobe or Firefox website directly. Never click on links in popups.
A firewall, antivirus protection, and added layers of protection like anti-malware and anti-exploit software are all necessary for securing computer systems. The firewall will protect your system from unauthorized access. The antivirus will protect you from spyware, keyloggers, and malicious software accidentally loaded from questionable sites.
Quality anti-malware and anti-exploit software like Malwarebytes will help guard against advanced threats like ransomware, PUPs, and adware. With these layers of protection, your system will look more like Fort Knox and less like a gazebo. However, with all of this protection, you still need to use caution.
These are just a few bits of advice.
Finally, do not fall for the glut of “tech call scams” that are floating about. These can come in the form of a cold call to your house or place of business, pop-ups on your computer warning of virus detection, or texts to your phone. I assure you, Microsoft, HP, Facebook, etc. are never going to call you about viruses. If you have been hit by anything resembling a tech call scammer, you can check out the information that Malwarebytes has been collecting. Their blacklists can be found here.