



One Million Websites Compromised

By John Harrison

In the old days, practicing “safe Internet” meant staying in the good online neighborhoods so you didn’t get infected. Today, almost any website you visit could be a landmine that leads to your system being compromised. Recent reports from SANS Internet Storm Center and The Register detail millions of potentially infected mainstream websites including news media, retail shopping, hobby forums, gaming, banking, popular social networks, education, government, travel and vacation sites. In July 2008, Websense reported that “60 percent of the top 100 most popular Web sites either hosted malicious content or contained a masked redirect”. The truth is that mainstream websites are being compromised and are subjecting consumers to drive-by downloads on a daily basis.

Today I Googled Final Fantasy and clicked on the top search result, which turned out to be a web site called “thefinalfantasy”. I was immediately hit with a malicious drive-by download attack. Lucky for me, I’m a security nerd and I work for Symantec, so I was running Norton. Here’s a screen shot of details on the drive-by download that was blocked.

The what and the how of a drive-by download

So what is a drive-by download? Wikipedia defines it as a “Download of spyware, a computer virus or any kind of malware that happens without knowledge of the user.” No user interaction is required. You don’t have to click on anything, open up a file, or send any information. Simply navigate to an infected site, and it’s “game over”. Your system has been compromised! Bad guys can install anything on your system – fake antivirus products to trick you out of money to remove viruses you don’t have, keyloggers to steal your banking and credit card information, and bots to have your system be used to compromise other sites.

Hackers are using automated tools to infect thousands of websites at one time, using techniques such as SQL injection to insert any code they want on those sites. It can be as simple as adding one line of code to a website saying “send any users who visit goodsite to my badsite hosting malicious attack software”. Your system is then attacked just by visiting the goodsite. If your system is running a vulnerable browser, ActiveX control, or application such as a multimedia application, then the badsite could add the malware to your system.

The key takeaway is that the threat landscape has changed considerably in the past few years, and the security software on your system needs to change with it. Simply put, not all antivirus and security products are equal in the ways they protect you.

New protection is required

Protection from today’s threats requires newer proactive protection technologies to address what traditional signature-based approaches can’t. Symantec added new protection technologies to Norton to provide additional protection against browser vulnerabilities, vulnerable ActiveX controls and multimedia application vulnerabilities.

Last summer Symantec commissioned Cascadia Labs to look at the effectiveness of leading paid consumer security products in protecting against today’s real-world attacks. Cascadia conducted an independent test using the same methods by which malicious websites attack users’ PCs and also visited live malicious websites with the security products installed to protect them. The results show that Symantec’s Norton Internet Security 2008 provided almost perfect protection – the highest of any tested product. Cascadia's full report can be found here: http://cascadialabs.com/clients.html

In the meantime, here are a few tips to protect yourself:
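
On the website-owner side, the single injected line described earlier (a script or hidden iframe that pulls content from an off-site host) is something a served page can be checked for. The following Python is an added example, not part of the original article or any vendor's product; the host names, the allowlist and the sample HTML are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hosts this site is expected to load active content from (assumed for the example).
ALLOWED_HOSTS = {"goodsite.example", "cdn.goodsite.example"}
HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)

class InjectionScanner(HTMLParser):
    """Collects script/iframe tags whose src points outside the allowlist."""
    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag not in ("script", "iframe"):
            return
        a = {k: (v or "") for k, v in attrs}
        src = a.get("src", "").strip()
        if not src:
            return
        # A relative URL has no hostname, so it resolves to the page's own host.
        host = (urlparse(src).hostname or self.page_host).lower()
        if host in ALLOWED_HOSTS:
            return
        # Zero-size or style-hidden iframes are the usual shape of a masked redirect.
        hidden = tag == "iframe" and (
            a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
            or HIDDEN_STYLE.search(a.get("style", "")) is not None)
        self.findings.append({"tag": tag, "host": host, "hidden": hidden})

def scan(html, page_host):
    scanner = InjectionScanner(page_host)
    scanner.feed(html)
    scanner.close()
    return scanner.findings

# Constructed sample: a forum page where one post field had a script tag appended
# and an invisible iframe was added to the template.
SAMPLE = """<html><body>
<script src="/js/site.js"></script>
<script src="https://cdn.goodsite.example/lib.js"></script>
<p>Forum post text</p><script src="http://badsite.example/x.js"></script>
<iframe src="http://badsite.example/in.html" width="0" height="0"></iframe>
</body></html>"""

if __name__ == "__main__":
    for finding in scan(SAMPLE, "goodsite.example"):
        print(finding)
```

Run against pages as they are actually served (including content rendered from the database), since SQL injection places the tag in stored content rather than in the template files.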