The Drive-by Download Menace
Security researchers are finding more malware pushed from Web sites, including trusted sites that have been compromised. Both Sophos and Websense have reported increased activity on this front; for more on the Websense report, see yesterday's post, When Bad Things Happen to Good Website. If you don't think you run the risk of visiting a compromised site, consider reports from Symantec about a pharming attack that pushes code to change the DNS settings on some routers. More on that below.
First, the Register covered the Sophos report:
Security watchers at Sophos are discovering 6,000 new infected webpages every day, the equivalent of one every 14 seconds. Four in five (83 per cent) of these webpages actually belong to innocent companies and individuals, unaware that their sites have been hacked. Websites of all types, from those of antique dealers to ice cream manufacturers and wedding photographers, have hosted malware on behalf of virus writers, Sophos reports.
Now for the Symantec report on the router DNS pharming attack:
In one real-life variant that we observed, the attackers embedded the malicious code inside an email that claimed it had an e-card waiting for you at the Web site gusanito.com. Unfortunately the email also contained an HTML IMG tag that resulted in an HTTP GET request being made to a router (the make of which is a popular router model in Mexico). The GET request modified the router’s DNS settings so that the URL for a popular Mexico-based banking site (as well as other related domains) would be mapped to an attacker’s Web site.
Note what makes this work: the IMG tag is fetched by the victim's own browser from inside the LAN, so the router's admin interface never has to be reachable from the Internet, and the GET succeeds on routers whose admin interface still accepts the default credentials. The report also recommends resetting your router to its factory configuration in case you have been hit, then setting a strong administrator password. A quick check, whether or not you reset: log into the router and confirm that the DNS servers it hands out are the ones you (or your ISP) actually expect.
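The IMG-tag trick Symantec describes above leaves a recognisable fingerprint in the e-mail itself: an image whose source is a private-network address with configuration-looking query parameters. The scanner below flags that pattern so a mail gateway or analyst can triage such messages. This is an added example, not code from the original post or from the Symantec report; the e-mail body, the router address 192.168.1.1 and the query parameters dns1, dns2 and apply are constructed for illustration, since the page does not give the real attack URL.

```python
"""Flag IMG tags in an HTML e-mail whose src targets a private-network host.

Added example, not code from the original post or the Symantec report it
quotes. The sample e-mail, the router address 192.168.1.1 and the query
parameters (dns1, dns2, apply) are constructed/hypothetical.
"""
import ipaddress
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlsplit

# Substrings that suggest a configuration endpoint when they appear in a
# query parameter name. Hypothetical list; extend it for the routers you run.
CONFIG_HINTS = ("dns", "gateway", "wan", "lan", "admin", "passw")


def is_private_host(host):
    """True when host is an IP literal in a private, loopback or link-local
    range (RFC 1918, 127/8, 169.254/16, fc00::/7, fe80::/10, ...).
    Hostnames are not resolved, so a name that happens to resolve inside
    the LAN (DNS rebinding) is not caught here."""
    try:
        return ipaddress.ip_address(host).is_private
    except ValueError:
        return False


class PrivateImgFinder(HTMLParser):
    """Collects every <img> whose src points at a private-network host."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "img":
            return
        src = dict(attrs).get("src")
        if not src:
            return
        parts = urlsplit(src)
        # .hostname strips userinfo ("admin:admin@") and IPv6 brackets, so a
        # URL that smuggles default credentials is still classified by host.
        host = parts.hostname or ""
        if not is_private_host(host):
            return
        params = parse_qs(parts.query, keep_blank_values=True)
        suspicious = sorted(
            name for name in params
            if any(hint in name.lower() for hint in CONFIG_HINTS)
        )
        self.findings.append(
            {"src": src, "host": host, "config_params": suspicious}
        )


def scan_html(html):
    """Return a list of findings, one per IMG tag aimed at a private host."""
    finder = PrivateImgFinder()
    finder.feed(html)
    finder.close()
    return finder.findings


# Constructed lure in the shape the report describes: a visible e-card
# image plus a hidden 1x1 image whose GET rewrites the router's DNS.
SAMPLE_EMAIL = """
<html><body>
<p>You have an e-card waiting at gusanito.com</p>
<img src="http://www.gusanito.com/images/ecard.gif" alt="e-card">
<img src="http://192.168.1.1/apply.cgi?dns1=198.51.100.7&dns2=198.51.100.8&apply=1"
     width="1" height="1">
</body></html>
"""

if __name__ == "__main__":
    for f in scan_html(SAMPLE_EMAIL):
        print(f"private-host IMG -> {f['host']} params {f['config_params']}: {f['src']}")
```

Any IMG aimed at a private host is worth flagging even when no configuration-style parameter is present, because the endpoint names vary by router model; the parameter hints only raise the priority. The check only fires if the mail client would fetch remote images in the first place, and it does not resolve hostnames, so a lure that names a host which resolves to the LAN needs a resolver-aware version.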
A number of end-of-year predictions about security in 2008 named compromised Web sites and drive-by downloads as a major threat; those forecasters can already check off one correct call.