Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Blue Coat protects 75 million users with WebPulse service

Anuradha Shukla | Aug. 8, 2011
Identifies and fights new fake anti-virus attack driven by Web advertisements.

Blue Coat Systems is protecting 75 million customers all across the world from a new variant of a fake anti-virus attack that uses Web advertisements to draw users into the Shnakule network.

Shnakule network is the largest and most effective malware delivery network on the Internet, according to Blue Coat Systems, a provider of Web security and wide area network (WAN) optimisation solutions.

This variant was identified by Blue Coat Security Labs and it was automatically blocked by the Blue Coat WebPulse service.

"Though this attack was initially launched in late June, it is still continuing, and in a recent check of the payload by Blue Coat Security Labs against 43 anti-virus engines, only two of those engines identified the payload as malicious or suspicious," said Chris Larsen, senior malware researcher for Blue Coat Systems. 

"Web-based malware changes far too quickly these days for traditional single-layer defences like anti-virus to keep pace. The most successful defence against this type of attack is one like WebPulse that can correlate the evidence and automatically identify and block the network responsible, regardless of how the payload is encrypted."

Collaborative defence

Blue Coat claims it gets more than three billion requests per week for the collaborative defence provided by its Blue Coat WebPulse service.

Elaborating about the latest Shnakule attack, Blue Coat notes that it is a three-staged attack that uses malicious Web advertisements. 

Cyber criminals had ensured that each of the rogue ad servers had been set up with different registrars at least a month before launching the attack.

This according to Blue Coat was long enough to successfully convince Web advertising companies that they were serving legitimate ads.

Also, this malware payload comes from servers identified by WebPulse as part of the Shnakule Malware Delivery Network. 

Thanks to the visibility into the Shnakule network, the Blue Coat WebPulse service was able to block the malware payload before the attack was launched.


Sign up for Computerworld eNewsletters.