What To Do About Reputable Websites Delivering Malware?

Did you know that reputable websites (like Forbes, The New York Times, and others) have been caught trying to install malware on their visitors’ computers and smartphones? This isn’t new, but it’s a trend that’s been getting worse when it should be getting better.

These reputable websites are not deliberately trying to hijack your computers, of course. It’s the networks that serve up the ads that have been compromised. Known as malvertising (malicious advertising), it is, according to cybersecurity expert Lenny Zeltser:

…attractive to attackers because they can be easily spread across a large number of legitimate websites without directly compromising those websites.

This type of attack relies on Adobe Flash and Microsoft Silverlight configured in your browser to auto-play the ads. This has been going on since at least 2007, but it got much worse in 2015 and continues to get bigger. And it appears to be crossing over to mobile devices.

The recent article in The Register didn’t say it, but I will: Why shouldn’t organizations of all sizes install an ad-blocker (I suggest uBlock Origin) across all desktops and mobile devices? At least until this ad-network mess gets cleaned up.

Is there some other, easier thing we should be doing?