Cybercriminals Target Spotify Users with Malvertizing Attacks 

by iClass - Monday, March 28, 2011
Websites rely on third party advertisements to offer free services to the customers. Advertisements may come in the form of pop-up ads, banner ads, floating ads and video ads among several others. However, these advertisements could be misused by cybercriminals to install malware in user's computers. Recently, cybercriminals targeted Spotify user's with malvertizing attacks. In case of malvertizing, attackers insert or modify a code in the advertisement to exploit flaws in web browser code. They avail the services of popular online advertising networks for propagating the malware. Spotify is a popular online music service in European countries. Users of the free ad-supported version have the facility to listen to their favorite songs online. When unwary users clicked on some of the third party advertisements placed on the site, they also inadvertently downloaded malware on their computer systems. Attackers reportedly exploited a Java vulnerability to insert malicious code into vulnerable systems. The advertisements with malicious code may entice users with attractive offers, interesting news article, free downloads and fake anti-virus software. When users click on the links placed in the advertisements, they may also be redirected to fake website or require users to download software to view the advertisement. Internet security firm Sophos has also reported the existence of a malware spreading advertisement on Facebook, which was quickly rectified by the social networking site.

Attackers may exploit vulnerabilities in website through malvertizing, drive-by malware, SQL injection and iframe injection attacks. Website owners must review the security of the website regularly to identify vulnerabilities and threat vectors. They must also verify the procedures followed by third party advertising networks to evade malicious links and misuse of advertisements. Employees could be educated on various online threats, preventive and remedial measures through training sessions, refresher courses, online university degree and e-learning programs.

Online service providers may avail the services of IT professionals qualified in secured programming, masters of security science and security certifications to strengthen the defenses against online threats. Organizations may install web filtering technologies to prevent unintentional download and propagation of malware in computer systems and networks.

They must install and regularly update anti-virus and anti-malware solutions. Security software must be downloaded directly from the website of a legitimate developer rather than by clicking on links in pop-ups. They must be wary of visiting unknown third party sites to download software. Users must constantly update software products to avoid exploitation of vulnerabilities. They must be wary of clicking on third-party advertising links on websites. E-brochures, videos and online degree programs could be used to enlighten Internet users on different security threats and Internet safety tips.

Contact Press

EC-Council
Website:
http://www.eccouncil.org
Email: iclass@eccouncil.org
Tel: 505-341-3228


EC-Council University is based in Albuquerque, New Mexico and offers Master of Security Science (MSS) degree to students from various backgrounds such as graduates, IT Professionals, and military students amongst several others. The MSS is offered as a 100% online degree program and allows EC-Council University to reach students from not only the United States, but from all around the world.

EC-Council is a member-based organization that certifies individuals in cybersecurity and e-commerce skills. It is the owner and developer of 16 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and EC-Council Certified Security Analyst (ECSA)/License Penetration Tester (LPT). Its certificate programs are offered in over 60 countries around the world.

EC-Council has trained over 80,000 individuals and certified more than 30,000 members, through more than 450 training partners globally. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. federal government via the Montgomery GI Bill, Department of Defense via DoD 8570.01-M, National Security Agency (NSA) and the Committee on National Security Systems (CNSS). EC-Council also operates the global series of Hacker Halted security conferences.

-

0    submitted by iClass -
Read More Press Releases

Pakistan Marks 68th Day of Independence By A Momentous Shine On Global Academic Forefronts—The Historic Launch Of IRT Research Model.

Press Release

Wackiest Pharma Conspiracy Debunked by Pakistani Arch-researcher Dr. Aurangzeb Hafi’s Polygonal Research.

The News--The Pharma-Media Alliance Never Wants The Public Know

Saahil Peerzaada - Turning good ideas into successful brands

Teen CEO Reality Show Founder > > LIVE on National Media – OC Talk Radio, July 1st, 2014

New Guide To Tone Abdominal Muscles Published Online

Bodybuilding Workouts Are For Everyone

Dukan Diet - A How To Lose Weight Fast Plan Fit For Royalty

Core Liquidity Markets Announces Affiliate Program

Get press releases by email