APLawrence - Information and Resources for Unix and Linux Systems, Bloggers and the self-employed
Drive by automatic downloads



Michael Desrosiers

This month's topic is how technology and procedures can be used to divert "drive-by" or automatic downloads, such as the recent Internet Explorer exploit, and to prevent drive-by downloads and other Internet threats from damaging your infrastructure and stealing your personal information.

How This Attack Works

In a drive-by download attack, attackers infect existing websites or create new ones, and trick users into visiting them. Once a user lands on the fraudulent site, the attackers slip malicious software onto the PC through a browser flaw. The malicious software assists with identity theft, stealing credit card numbers, passwords and other sensitive data by secretly logging everything the victim types. Having an unsecured web browser leaves you vulnerable to a variety of problems, from malware installing without your knowledge to intruders taking control of your computer. Exploiting these vulnerabilities in web browsers has become a popular way for attackers to compromise computer systems.

According to a new study by Google, 1 in 10 sites are malicious sites, silently installing viruses and spyware or tricking you into revealing your confidential information. Recent studies found that close to half of all web browsers were not fully secure and half of all Web sites are infested with some form of malware, including many of the leading search, social networking and shopping sites. And a majority of all new malware is released on the same day as the corresponding browser vulnerability is announced. These and other "zero day" attacks illustrate that setting your browser to maximum security and applying the latest security patch are not enough on their own.

How Does It Affect You












All of these attacks bypass traditional PC security, such as anti-virus and firewalls, by coming in through your web browser, damaging your PC while invading your privacy and stealing your money.

Do these scenarios sound familiar?

Lately I've noticed my computer is really slowing down. It takes forever to boot up, and my streaming video performance is terrible. I've spent a huge amount of time troubleshooting the problem, but can't seem to get my computer back up and running properly. As it turns out, I was infected by malware that was disguised as a video file and silently installed itself on my machine.

I applied for credit and was turned down, even though my credit history is impeccable and I have never been late with a payment. As it turned out, my identity was stolen and I was robbed. These identity thieves were running up thousands of dollars in debt under my name, and it's all because I was tricked into entering my social security and banking account numbers on a fake website that posed as my bank's website. In the end, I had to spend a huge amount of time and hassle trying to recover my money and my identity.

Recently I needed access to this data but when I tried to locate the information everything was wiped out. Without our knowledge, we were the victims of an online attack that silently installed spyware, destroying all of our PC files. It was amazing how quickly we lost extremely valuable data. Most of the lost data cannot be recovered, and I am in fear about how this will affect my business and its reputation. Browser hijackers can install dangerous spyware that can cause irreparable damage to your files and programs as well as jeopardize your personal information and identity.

What Can You Do About It

Malware in action can consume a substantial amount of your computer's memory, leaving limited resources for other legitimate programs to use. This can lead to extremely sluggish performance of vital programs, like your current Internet browser or Operating System and a slow workstation overall.

Here are some smart guidelines that you can follow:

  1. Don't download from sites that you don't trust;
  2. Don't enter confidential information into sites you are not familiar with;
  3. Don't shop at sites you don't know;
  4. Update your operating system and browser regularly with the most current security fixes;
  5. Never follow a link from an e-mail that asks you to enter your personal information. Only malicious sites designed to look like real sites will ask for this, because reputable sites would never ask you to do this!

There are also some great plug-ins to grab for your browsers, whether you use Internet Explorer, Firefox, Mozilla, Safari or others. Here are a few tools that will provide additional levels of trust for your browser as you surf the web:

Calling ID - Free anti-phishing browser toolbar with embedded link-checking software that alerts the user if it detects phishing and related risks.

http://www.callingid.com/Default.aspx

Show IP - Shows the IP addresses of the current page in the status bar. It also allows querying custom information services by IP and hostname, and allows you to access DNSstuff tools to verify the location of the site.

https://addons.mozilla.org/en-US/firefox/addon/590

Router Status - Shows the current status of your router in the status bar.

https://addons.mozilla.org/en-US/firefox/addon/5544

Scandoo - This scanning technology scans each and every one of your search results to see if there is anything malicious behind the links and then feeds the security results back into your search page. Great home page!

http://static.scandoo.com/about/about_scandoo.html

There you have it. Hopefully some of these techniques and tools will make the potential for hijacks and "man-in-the-middle" attacks less viable for you and your organization. What they do provide is a solid foundation for using the Internet safely, with some level of security that is not intrusive and does not prevent business uses of the web.

To view more articles:

http://aplawrence.com/cgi-bin/getauthart.pl?Michael%20Desrosiers

or to inquire about an on-site presentation, please feel free to call me at 508-995-4933 or email me at mdesrosiers@m3ipinc.com.

Until next time.....

Regards,

Michael Desrosiers
Founder & Principal Consultant
m3ip, Inc.
Managing Your Security and Risk Needs
(O)508.995.4933
(C)774.644.0599
(F)508.995.4933
mdesrosiers@m3ipinc.com
http://www.m3ipinc.com


Wed Dec 24 15:40:41 2008:   BigDumbDinosaur
http://bcstechnology.net

Here are some smart guidelines that you can follow:

You forgot the most obvious one: if you use Windows don't use Internet Exploder.
