Drive-by Downloads on the Rise
Purveyors of malware and black hat SEOs have been pulling in a great deal of headlines lately. It seems anytime something makes the news, there is a report of illegitimate web sites targeting keywords associated with the story to draw visitors into their malicious site. Earlier this month, I discussed how search poisoning is used to push malicious sites to the top of the SERPs. I figured a nice follow up to this would be a description of what the attacker does once he or she gets you to their site.
Drive-by downloads
The purpose of the search poisoning is usually to drive unsuspecting visitors to a malicious web site where malware is downloaded to the visitor’s computer without their consent or knowledge.
A drive-by download, or drive-by installation, works by exploiting security vulnerabilities in the browser used to surf the Internet. A malicious web site is set up containing code that actively probes for these vulnerabilities. When one is found, the site sends the visitor to a third-party server from which the malware is silently installed on their computer.
Why the third-party server? Even attackers work hard to achieve these high page rankings, albeit through less than ethical techniques. Sending visitors to a third-party server means their ranked page can survive longer since it is not flagged as housing malware.
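The mechanism above, an injected page that hands the visitor off to a third-party server, leaves traces in the HTML that a site owner can look for on their own pages. The following scanner is an added example written for this article, not code from the original post or from any vendor tool: it flags hidden iframes, off-site scripts and meta-refresh redirects that point away from the site's own host. The sample page, the hostnames and the hiding heuristics (1x1 or display:none frames) are constructed assumptions for the example.

```python
"""Flag third-party redirects in an HTML page that a drive-by download
injection typically relies on. Added example: the sample page below and
the hostnames in it are constructed, and the hiding heuristics are an
assumption of what a site owner would reasonably check."""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse


class InjectionScanner(HTMLParser):
    """Collects (kind, url) findings for off-site hand-offs in a page."""

    def __init__(self, own_host):
        super().__init__()
        self.own_host = own_host.lower()
        self.findings = []

    def _is_third_party(self, url):
        # Relative URLs have no hostname and belong to the site itself;
        # subdomains of the site's own host are treated as first-party.
        host = urlparse(url).hostname
        if not host:
            return False
        host = host.lower()
        return host != self.own_host and not host.endswith("." + self.own_host)

    def _looks_hidden(self, attrs):
        style = (attrs.get("style") or "").replace(" ", "").lower()
        tiny = attrs.get("width") in ("0", "1") or attrs.get("height") in ("0", "1")
        return tiny or "display:none" in style or "visibility:hidden" in style

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)  # HTMLParser lower-cases tag and attribute names
        if tag == "iframe":
            src = attrs.get("src") or ""
            if self._is_third_party(src) and self._looks_hidden(attrs):
                self.findings.append(("hidden-iframe", src))
        elif tag == "script":
            src = attrs.get("src") or ""
            if src and self._is_third_party(src):
                self.findings.append(("third-party-script", src))
        elif tag == "meta" and (attrs.get("http-equiv") or "").lower() == "refresh":
            # content looks like "0; url=http://host/path"
            m = re.search(r"url\s*=\s*['\"]?([^'\"\s;]+)", attrs.get("content") or "", re.I)
            if m and self._is_third_party(m.group(1)):
                self.findings.append(("meta-refresh", m.group(1)))


def scan_html(html, own_host):
    """Return a list of (kind, url) findings for the given page."""
    scanner = InjectionScanner(own_host)
    scanner.feed(html)
    return scanner.findings


# Constructed sample page: a legitimate embed from the site's own subdomain
# next to three injected hand-offs to a fictional third-party host.
SAMPLE_PAGE = """<html><head>
<meta http-equiv="refresh" content="0; url=http://third-party.example/land">
<script src="/js/site.js"></script>
<script src="http://cdn.third-party.example/loader.js"></script>
</head><body>
<h1>Super Bowl tickets</h1>
<iframe src="http://third-party.example/x" width="1" height="1" style="visibility:hidden"></iframe>
<iframe src="https://video.stadium.example/embed" width="640" height="360"></iframe>
</body></html>"""

if __name__ == "__main__":
    for kind, url in scan_html(SAMPLE_PAGE, "stadium.example"):
        print(f"{kind}: {url}")
```

Real injections are usually obfuscated JavaScript rather than a plain tag, so a static check like this catches only the simplest cases; it works best as one input alongside diffing each page against a known-good copy.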
Examples
In the month of January, four headlines drew a large amount of interest from attackers. The rumors of actor Johnny Depp’s death, actress Brittany Murphy’s death, the earthquake in Haiti and the release of the Apple iPad all found themselves to be targets of a combined SEO poisoning/drive-by download attack.
In each case, the victim downloaded malware to their computer known as “scareware”. Scareware is used to frighten the victim into believing that their computer is infected with malware. In a panic, the victim purchases the advertised security software to clean their system. Selling bogus security software to their victims has been bringing attackers in around 15 million dollars a month. Not hard to believe when you consider that Consumer Reports estimates that 1 in 90 people fall for these scams.
While scareware is the malware du jour, it is not the only method of attack. Some sites install even less conspicuous malware onto their victims’ computers. Using Trojans, attackers can steal passwords and account information, or build large botnets of zombie computers that they use to attack web sites, attack networks and spread spam. A prime example of this was when the web site of the Miami Dolphins’ stadium was injected with malicious code targeting those looking for Super Bowl information.
More to come
Just next month, the Winter Olympic games kick off and this summer, the World Cup will be in full swing. Security experts are already predicting these to be included in the next round of malicious keywords.
Protecting yourself from drive-by downloads can be tricky. It would be easy to suggest that people only visit well-known web sites, but that is counter-productive to the web. After all, what makes the web so great is the ability to find new and interesting sites.
Tools can be used to help identify sites that could be potentially dangerous. McAfee has introduced SiteAdvisor and Symantec has Norton Safe Web, but unless someone else has been infected by the site it does little to protect you.
The best defense against any malware is to run legitimate anti-malware software, or anti-virus for those stuck in the 1990s, on your computer and keep it updated frequently. Staying proactive is the only way to keep infectious files at bay.
