Tuesday, November 11, 2008

Rampant Malware Drive-by-downloads

Hi Folks,

Drive-by-downloads are rampant. They infect your machine with malware when you simply visit a website: no clicking on links or other user interaction is required; you get infected the moment your browser loads the page. Here is a link to an article about one such attack from last month:

http://www.theregister.co.uk/2008/11/10/drive_by_download_mass_attack/

And, the cybercrime economy is growing due to the economic downturn:

http://arstechnica.com/news.ars/post/20081023-malware-writers-ratchet-up-attacks-as-stock-market-tanks.html

http://www.informationweek.com/news/security/cybercrime/showArticle.jhtml;jsessionid=Y132JJQO0YUMIQSNDLRSKH0CJUNN2JVN?articleID=212101494&cid=tab_art_int

Google is doing some great work in this area: it flags web sites that get infected and displays the message "This site may harm your computer" below infected links in its search results, so that you are protected while you are searching.

Google also provides the list of infected sites to the Firefox and Chrome browsers, so that users are protected not only while they are searching but also wherever they happen to be browsing on the Internet.

Yahoo provides similar protections through a feature called SafeSearch that they have deployed in partnership with McAfee. Finally, Microsoft is also slated to provide anti-malware protection as part of the next version of Internet Explorer.

Search engines and browsers are doing much good work to help protect users! Detection systems are tuned to avoid false positives (a web site gets blacklisted even though it is not really infected), potentially at the expense of false negatives (a web site does not get blacklisted even though it is infected). I hope that over time Google, Yahoo, and Microsoft crack down even more aggressively on this problem so that unsuspecting users don't get infected, and the growth of botnets resulting from such malware infections can be curtailed.
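To make the browser-side mechanism and the false-positive question concrete, here is an added example (my own illustration, not code from this post or from Google, Yahoo, or Microsoft). It models a simplified hash-prefix blocklist of the kind a browser can check locally: the list provider ships only short hash prefixes of canonicalized URLs, the browser treats a prefix hit as a candidate rather than a verdict, and blocks only after an exact full-hash match. The blocklisted hostnames, the "benign.example" pages, and the four-byte prefix length are constructed for the example; real clients apply a longer URL canonicalization than the one shown here.

```python
import hashlib
from urllib.parse import urlsplit

# Constructed blocklist for the example; these are placeholder names, not real sites.
BLOCKLISTED_URLS = [
    "malware.example/",
    "compromised.example/scripts/inject.js",
]

# The warning text the post quotes from Google's search results.
WARNING = "This site may harm your computer"


def canonicalize(url: str) -> str:
    """Reduce a URL to a stable host+path form so equivalent spellings hash alike.
    Real clients apply a longer canonicalization (host suffixes, path prefixes);
    this simplified version lowercases the host and defaults the path to '/'."""
    if "://" not in url:
        url = "http://" + url
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    path = parts.path or "/"
    return host + path


def full_hash(url: str) -> bytes:
    """SHA-256 of the canonical form; the provider keeps these, the browser
    only learns them for candidates it asks about."""
    return hashlib.sha256(canonicalize(url).encode("utf-8")).digest()


def build_lists(urls, prefix_len=4):
    """List-provider side: compute full hashes, ship only short prefixes.
    Returns (prefix set for browsers, full-hash set kept by the provider)."""
    full = {full_hash(u) for u in urls}
    prefixes = {h[:prefix_len] for h in full}
    return prefixes, full


def classify(url, prefixes, full_hashes, prefix_len=4):
    """Browser side. A prefix miss means 'not listed' with no network traffic.
    A prefix hit is only a candidate: the browser fetches the full hashes behind
    that prefix and blocks only on an exact match, so a prefix collision ends in
    one extra lookup rather than a false positive."""
    h = full_hash(url)
    if h[:prefix_len] not in prefixes:
        return {"blocked": False, "full_hash_lookup": False}
    return {"blocked": h in full_hashes, "full_hash_lookup": True}


def find_prefix_collision(prefixes, prefix_len, limit=20000):
    """Search constructed benign URLs for one whose short prefix collides with
    the list. Used only to demonstrate the candidate-then-resolve step: with a
    1-byte prefix a collision turns up within a few hundred tries, with the
    4-byte prefix used above it effectively never does."""
    for n in range(limit):
        candidate = f"benign.example/page{n}"
        if full_hash(candidate)[:prefix_len] in prefixes:
            return candidate
    return None


if __name__ == "__main__":
    prefixes, full = build_lists(BLOCKLISTED_URLS)
    for url in ["http://MALWARE.example", "http://news.example/story"]:
        verdict = classify(url, prefixes, full)
        print(url, "->", WARNING if verdict["blocked"] else "no warning", verdict)
    # Show the resolve step absorbing a collision on a deliberately short prefix.
    p1, f1 = build_lists(BLOCKLISTED_URLS, prefix_len=1)
    colliding = find_prefix_collision(p1, prefix_len=1)
    print(colliding, "->", classify(colliding, p1, f1, prefix_len=1))
```

The design point is the two-stage check: the local prefix list keeps the browser from sending every visited URL to the provider, and the full-hash confirmation keeps prefix collisions from turning into the kind of false positive the paragraph above describes. What the scheme cannot fix is the false-negative side: a freshly infected site that has not yet been added to the list is simply not there to match.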

Thoughts? Comments? Questions?

Let's keep fighting the fight!

Sincerely,

-- Neil
http://www.neildaswani.com

Learn more about security from Stanford's Advanced Computer Security Certificate Program-- click on http://tinyurl.com/2286xw for more information.

My book, "Foundations of Security: What Every Programmer Needs To Know" is available at http://tinyurl.com/33xs6g

1 comment:

Dave said...

Neil, I don't understand how these people are able to get away with this. The article stated that malware was hosted on servers in China; why don't they shut them down? Clearly, they must be leaving some sort of trail behind. Thanks and Happy Holidays.