Riding the Net risks drive-by malware download attack

Peter Dinham
Tuesday, 07 July 2009 08:08

Business IT - Security

The data is decrypted on the server using the private RSA key and a selection of scripts (browser configuration dependent) is returned to the user. The scripts exploit vulnerabilities on the victim machine and download malicious programs to it.

“In addition to everything else, this multi-step approach seriously hinders analysis of the original script that harvests browser information: if the server that decrypts the data is not accessible, it is impossible to find out which scripts will be returned in any particular case.”

Vendors like Adobe and Microsoft come in for special mention in Kaspersky’s report.

According to Kaspersky, a number of malicious programs exploit vulnerabilities in products from major vendors and, it says, the presence of such exploits as Trojan Clicker.SWF.Small.b, Exploit.JS.Pdfka.gu, Exploit.JS.Pdfka.lr и Exploit.SWF.Agent.az in the ranking is “testimony both to the popularity and to the vulnerability of Adobe Flash Player and Adobe Reader.”

Kaspersky says that vulnerabilities in Microsoft products are also actively exploited, with Trojan-Downloader.JS.Major.c attempting to exploit several vulnerabilities in different Windows and Microsoft Office components simultaneously.
 
The security firm also warns that has recently been a clear trend for cybercriminals to use a range of sophisticated drive-by downloads to install malware on victim machines, and it cautions that, overall, cybercriminals are becoming increasingly Web-oriented.

And, Kaspersky also  reveals the countries which rank most highly in terms of attempts to infect computers via the web, with China way out in front at 56.4 percent, followed by Russia at 5.9%, the United States 4.8 percent, India at 3.3 percent and Brazil 2.02 percent.