Adware via the Web Browser

The Network: A bank serving multiple states on the U.S. East Coast with an HQ and several dozen branch offices; 500+ servers and 2000+ workstations.

The Expectation: Employee workstations are secured with brand-name, up-to-date Anti-Virus (AV) and the latest updates.

The Catch: Adware was observed launching on multiple branch workstations, along with browser toolbar installations for ShopAtHome. Besides being a pesky nuisance, adware can slow system performance, leak browser activity in ways that impact user privacy, and install viruses and other spyware that have greater system-wide implications. You may also suffer reputational damage, because users and customers who visit an infected website are less likely to purchase or initiate customer engagement.

The Find: Netsurion’s Managed Threat Protection catches the launch of new processes via MD5 checksum. These adware packages are reported as malware by 27 of the 56 AV programs at VirusTotal, but the brand-name Anti-Virus in this network lets them launch.
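
A first-seen process check of the kind described under The Find, as an added example that is not Netsurion's code or part of the original page: it flags launches whose MD5 is absent from an approved baseline and ranks them by how many workstations ran them. The event format, host names, paths and hashes are constructed for illustration.

```python
import hashlib
import re

MD5_RE = re.compile(r"^[0-9a-f]{32}$")

def sample_md5(label):
    """Constructed stand-in for the MD5 of a real executable image."""
    return hashlib.md5(label.encode()).hexdigest()

# Constructed baseline: hashes already seen and approved in this network.
BASELINE = {sample_md5("office-suite"), sample_md5("web-browser")}

# Constructed process-creation events: time|host|image path|MD5
SAMPLE_EVENTS = "\n".join([
    f"2024-03-04T09:01:12|BR01-WS07|C:\\Program Files\\Office\\winword.exe|{sample_md5('office-suite')}",
    f"2024-03-04T09:03:40|BR01-WS07|C:\\Users\\a\\AppData\\Local\\tb\\toolbar.exe|{sample_md5('toolbar').upper()}",
    f"2024-03-04T09:10:05|BR02-WS11|C:\\Users\\b\\AppData\\Local\\tb\\toolbar.exe|{sample_md5('toolbar')}",
    "2024-03-04T09:11:00|BR02-WS11|C:\\Temp\\x.exe|not-a-hash",
    f"2024-03-04T09:15:31|BR03-WS02|C:\\Program Files\\Browser\\browser.exe|{sample_md5('web-browser')}",
])

def first_seen_launches(lines, baseline):
    """Return ({md5: {"first", "hosts", "paths"}}, rejected_lines)."""
    findings, rejected = {}, []
    for line in lines.splitlines():
        parts = [p.strip() for p in line.split("|")]
        if len(parts) != 4 or not MD5_RE.match(parts[3].lower()):
            rejected.append(line)  # keep malformed events for review, never drop silently
            continue
        ts, host, path, digest = parts[0], parts[1], parts[2], parts[3].lower()
        if digest in baseline:
            continue  # known image, nothing to report
        entry = findings.setdefault(digest, {"first": ts, "hosts": set(), "paths": set()})
        entry["first"] = min(entry["first"], ts)  # ISO timestamps sort lexically
        entry["hosts"].add(host)
        entry["paths"].add(path)
    return findings, rejected

def triage(findings):
    """Unknown hashes ordered by host spread, then by earliest launch."""
    return sorted(findings.items(), key=lambda kv: (-len(kv[1]["hosts"]), kv[1]["first"]))

if __name__ == "__main__":
    found, bad = first_seen_launches(SAMPLE_EVENTS, BASELINE)
    for digest, info in triage(found):
        print(digest, info["first"], sorted(info["hosts"]), sorted(info["paths"]))
    print("rejected events:", len(bad))
```

Hash matching identifies exact file images only, so a repacked installer yields a new hash and surfaces as first-seen again.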

The Fix: Uninstall the toolbar (quite persistent and sticky); clean up the workstations; run a deep scan.

The Lesson: Include adware and malvertising in security awareness training. Adware is not merely pesky; it should be eliminated. Stay constantly vigilant about the ways cyber criminals can access your organization and gain a foothold.