455 Views, 2 Replies. Latest reply: May 17, 2013 11:55 AM by consoul

clausonna (Newcomer, 18 posts since Nov 11, 2009)

May 2, 2013 8:47 PM

Request:  Put Malvertisers in their own category

I frequently look at my access_denied logs (either via the CLI during investigations or via Web Reporter) for Malicious sites (i.e. cat access_denied.log | grep -i malicious | more). On a number of occasions I've found signs that a machine is infected and attempting to reach out to sites categorized as Malicious by McAfee.  So yes, the connection is blocked, but only while the machine is on the corporate network.

 

The problem is that 'Malvertisers' (Malicious Advertisers) are also lumped into the same category, thus 'polluting' the logs and hiding the otherwise obvious signs of infection.  These include sites like doubleclick.net, zedo, serving-sys.com, lijit.com, to name but a few.  These log entries are not the 'phone homes' of an infected machine, they're typically just included as potential ads on relatively benign and/or unsuspecting web sites.

 

It would be great if malvertisers were put in a different category to help differentiate them from truly malicious sites and/or phone-homes.
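
Until such a category exists, the same grep can be followed by a filter that drops the ad networks named above and counts what remains per client. This is an added example, not part of the original post or any McAfee tooling. Assumptions: the sample lines and their field layout are constructed, "zedo" is taken to mean zedo.com, and the client is the first IPv4 address on each line.

```shell
#!/bin/sh
# Ad-network domains named in the post ("zedo" is assumed to mean zedo.com).
AD_DOMAINS="doubleclick.net zedo.com serving-sys.com lijit.com"

# Constructed sample lines; the field layout is an assumption, not the
# gateway's real access_denied.log format.
sample_log() {
cat <<'EOF'
[02/May/2013:20:31:07 -0400] 10.1.4.23 "GET http://ad.doubleclick.net/adj/x HTTP/1.1" 403 "Malicious Sites"
[02/May/2013:20:31:09 -0400] 10.1.4.23 "GET http://bs.serving-sys.com/b.js HTTP/1.1" 403 "Malicious Sites"
[02/May/2013:20:32:40 -0400] 10.1.7.88 "POST http://callback.example.test/check HTTP/1.1" 403 "Malicious Sites"
[02/May/2013:20:37:40 -0400] 10.1.7.88 "POST http://callback.example.test/check HTTP/1.1" 403 "Malicious Sites"
[02/May/2013:20:40:02 -0400] 10.1.9.5 "GET http://notlijit.com.example.test/ HTTP/1.1" 403 "Malicious Sites"
[02/May/2013:20:41:15 -0400] 10.1.9.5 "GET http://www.example.test/ HTTP/1.1" 403 "Gambling"
EOF
}

# triage_malicious LOGFILE -> lines of "client host hits", busiest first,
# with ad-network hosts removed from the Malicious-category blocks.
triage_malicious() {
    grep -i malicious "$1" | awk -v ads="$AD_DOMAINS" '
    function is_ad(h,   i, p) {
        for (i = 1; i <= n; i++) {
            if (h == ad[i]) return 1                          # exact domain
            p = length(h) - length(ad[i])
            if (p > 0 && substr(h, p) == "." ad[i]) return 1  # subdomain
        }
        return 0
    }
    BEGIN { n = split(ads, ad, " ") }
    {
        # Pull the host out of the first URL on the line.
        if (!match($0, "https?://[^/ \"]+")) next
        host = tolower(substr($0, RSTART, RLENGTH))
        sub("^https?://", "", host); sub(":[0-9]+$", "", host)
        if (is_ad(host)) next
        # Client = first IPv4 address on the line (assumption).
        if (!match($0, "[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+")) next
        hits[substr($0, RSTART, RLENGTH) " " host]++
    }
    END { for (k in hits) print k, hits[k] }' | sort -k3,3nr -k1,1 -k2,2
}

# Demo run on the constructed sample.
tmp=$(mktemp) && sample_log > "$tmp" && triage_malicious "$tmp"; rm -f "$tmp"
```

The suffix match is anchored on a label boundary, so a host such as notlijit.com.example.test is not mistaken for an ad network and stays in the output.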
