The Latest in the Threat Landscape—Web-based Attacks: February 2009
As we talk to enterprise and consumer customers, we are finding that many don’t understand the risks of the Internet today, why their computers have been compromised, or how the threat landscape has really changed. The fact that simply visiting your favorite website can either lead to malware silently being installed on your computer without ever clicking on anything, or being plagued by misleading applications, such as fake antivirus software, seems to be a surprise to many users and IT managers alike.
With the increase in Web-based attacks that users are being subjected to every day, we wanted to share timely data on the changing threat landscape and examine some of the factors and background information that have influenced the shift toward this type of attack over the past year.
Our recently published Web-based attacks white paper highlights some of the top Web threat trends that our security analysts observed during 2008:
In researching the paper we realized that few websites are immune from being compromised and used as a host to deliver malware to unsuspecting visitors. During 2008, Symantec observed more than 18 million drive-by download attacks. In just the last six months, we observed more than 23 million misleading application attacks. These two attack types represented Web attacks from 808,000 unique domains, many of which are mainstream websites, including: news, travel, online retail, games, real estate, government, and many others.
For this blog post, I was going to include a video showing what happens during a typical drive-by download attack; but, the scary part is, there is nothing to show! When your system is compromised, there is usually no indication—it happens silently without flashing lights or having to click on anything. All it takes is one vulnerable browser, multimedia application, document viewer, or browser plug-in and your computer can be compromised. I spoke with one user who couldn’t believe that one of the top 100 sites on the Internet would be attacking his computer. There was another customer whose own Web server kept attacking and infecting his computer.
But, it’s very real. Legitimate sites are compromised using popular techniques, such as malicious advertisements (or “malvertisements”) to attack your machine.
Some users today may even be lulled into thinking they don’t need to have antivirus software with updated subscriptions since they haven’t “seen” a virus in an email recently. I even heard one user state that “he is careful where he goes on the Internet.” This isn’t enough. Web-based attacks are occurring everywhere and users’ computers are being attacked and infected in enterprise and consumer environments alike.
Yesterday’s technology won’t help you in protecting against this changing threat landscape. There are many who are still relying on traditional signature-based antivirus software only to protect their systems. The good news is, there are advanced technologies and best practices available to better protect your system in today’s Internet environment. You just have to use them!