Drive-by Download Attacks On The Rise

[nikster]

BBC has news of an interesting new study by Google - they found that 10% of 4.5 million pages analyzed hosted drive-by malware. That's software that install itself without user interaction when the user visits a malicious website, usually through exploits of Internet Explorer.

http://news.bbc.co.uk/2/hi/technology/6645895.stm

I found it pretty interesting because I did not think that _that many_ servers are infected. There are the usual suspects, pr0n and warez sites. But also perfectly legitimate sites that had been hacked - ie hackers break into the website, and put their drive by downloads on all pages hosted by the site.

The study said the vast majority of the exploits was IE based, therefore not using IE provides protection from the vast majority of exploits. Didn't say anything about Vista IE vs XP IE - I would like to know if Vista protects from these...

[waldwolf]

nikster - The BBC article appears to be an update to a project Google announced last year, wherein, should you attempt to link from a Google search to a site containing malware, you will be advised (prior to the handoff) that the site you've selected was previously found to be "unsafe". To my knowledge, the program is still in development, although I have on rare occasions seen such a Google warning.

While the vast majority of the exploits are IE based, this is logically due to the fact the majority of internet surfers use some version of Internet Explorer. However, sites utilizing such malware have the capability of determining which make/version of browser your using (IE, Firefox, Opera, etc.) and will attempt to install malware your browser may not be able to block.

This malware (sold mainly by its Russian developers) is aimed at (1) Spammers who want to take over your computer and using your ISP to spread their messages and (2) Thieves who want to steal your identity and financial information, in order to clean out your bank account and/or max out your credit/debit card accounts. (Sites employing this malware are paid a "per infected computer" fee by the spammers or a percentage of the stolen cash proceeds.)

Steve Gibson and Leo Laporte discussed this threat in the "Security Now! Episode 58 Podcast available here. A transcript of the podcast in pdf format is also available (95kb) for those who would prefer to read the discussion.

More background in these earlier Thaivisa threads:

http://www.thaivisa.com/forum/index.php?showtopic=85011&hl=waldwolf[/b]"]http://www.thaivisa.com/forum/index.php?showtopic=85011&hl=waldwolf

http://www.thaivisa.com/forum/index.php?showtopic=85632&hl=waldwolf[/b]"]http://www.thaivisa.com/forum/index.php?showtopic=85632&hl=waldwolf

....I would like to know if Vista protects from these...

If your Vista is up-to-date on security patches and you stay away for the porno and warez sites, most likely your OK. However, keep in mind this "good guys vs. bad guys" is an ongoing fight. You may be safe today, but tomorrow.......?

waldwolf

[cdnvic]

Yeah, 10% of sites on the web, and 10% of sites people are actually surfing to are two vastly different numbers.

[Firefoxx]

I thought it was pretty obvious that IE was way too vulnerable to web sites that auto-installed software on it. That's why I always recommended using alternatives like Opera and Firefox. You always ran the risk of getting a virus or adware auto-installed if you even simply visited a bad website with IE.

These days the most common form of getting infected with a virus in Thailand is probably the thumb drive.

[cdnvic]

Actually, IE7 is pretty safe if you configure it correctly. Unfortunately most don't.