The new entry point for attacking the enterprise is the web browser. Bugs in web browser implementations allow hackers to exploit your users. You know what Google says? The browser is the new operating system.It is difficult to lock down web browsers. Hackers are injecting malware in advertising. This process is being coined malvertising. It is simpler than trying to get a user to download and execute a file.
The injection of malware ads is also pretty simple. You just put together a real ad which has the hack embedded in it. You don't need to take user a web site. Allow the web site to come to you to serve up your ad.
How do you stop such a malvertising attack? You can make sure you users are not administrators of their machines. You can also disable the technologies that allow the attacks to work. This includes JavaScript and ActiveX. The only problem with these extreme measures is that it may impact legitimate user activities.
