Business IT - Technology for your business

Forget Conficker, there’s a new threat driving past your computer!

According to Naraine, malware exploit kits serve as the engine for drive-by downloads. He says these kits are professionally written software components that can be hosted on a server with a database backend.

“The kits, which are sold on underground hacker sites, are fitted with exploits for vulnerabilities in a range of widely deployed desktop applications, including Apple’s QuickTime media player, Adobe Flash Player, Adobe Reader, RealNetworks’ RealPlayer, and WinZip.”

Naraine says that browser-specific exploits have also been used, targeting Microsoft’s Internet Explorer, Mozilla’s Firefox, Apple Safari, and Opera. He adds that several targeted exploit kits are fitted only with attack code for Adobe PDF vulnerabilities or known flaws in ActiveX controls.

Naraine warns that identity thieves and other malware authors purchase exploit kits and deploy them on a malicious server. Code that redirects traffic to that server is then embedded on Web sites, and lures to those sites are spammed via e-mail or bulletin boards.
 
And, if that’s a worry, Naraine also says that an exploit kit server can use HTTP request headers from a browser visit to determine the visitor’s browser type and version as well as the underlying operating system!

“Once the target operating system is fingerprinted, the exploit kit can determine which exploits to fire,” he says.

Naraine makes the point that most modern Web browsers – including Internet Explorer, Firefox, and Opera – have added anti-malware blockers that provide early-warning systems when users attempt to surf to a rigged Web site.
 
However, although Naraine says these blockers provide good value, he cautions that because they are blacklist-based they do not provide 100 percent protection to Web surfers.
 
“According to our expert,” says Naraine, “the most practical approach to defending against drive-by downloads is to pay close attention to the patch management component of defense.”
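The headers an exploit kit reads are the same ones a defender sees in web proxy logs, so they can be used to find the machines that most need patching. The following Python script is an added example, not code from the article or from Naraine; the host names, log entries and minimum-version baseline are constructed placeholders, not real patch levels.

```python
import re

# Constructed baseline for illustration: placeholder numbers, not real patch levels.
MIN_MAJOR = {"MSIE": 8, "Firefox": 3, "Opera": 10}

# Constructed (host, User-Agent) pairs, as a web proxy log might record them.
SAMPLE_LOG = [
    ("ws-014", "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"),
    ("ws-022", "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.8) "
               "Gecko/2009032609 Firefox/3.0.8"),
    ("ws-031", "Opera/9.64 (Windows NT 5.1; U; en) Presto/2.1.1"),
    ("ws-040", "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)"),
    ("ws-055", "curl/7.19.4"),
]

BROWSER_RE = re.compile(r"(MSIE|Firefox|Opera)[ /](\d+)\.(\d+)")
OS_RE = re.compile(r"Windows NT \d+\.\d+|Mac OS X|Linux")


def fingerprint(user_agent):
    """Return (browser, major, minor, os) as disclosed by the header; None where absent."""
    b = BROWSER_RE.search(user_agent)
    o = OS_RE.search(user_agent)
    browser = (b.group(1), int(b.group(2)), int(b.group(3))) if b else (None, None, None)
    return browser + (o.group(0) if o else None,)


def outdated_clients(log, baseline=MIN_MAJOR):
    """Hosts whose advertised browser major version is below the baseline."""
    hits = []
    for host, ua in log:
        name, major, _minor, os_name = fingerprint(ua)
        if name is not None and major < baseline[name]:
            hits.append((host, name, major, os_name))
    return hits


def unparsed_clients(log):
    """Hosts whose header named no known browser; review these by hand."""
    return [host for host, ua in log if fingerprint(ua)[0] is None]


if __name__ == "__main__":
    for hit in outdated_clients(SAMPLE_LOG):
        print("patch first:", hit)
    print("unparsed:", unparsed_clients(SAMPLE_LOG))
```

A User-Agent header can be altered by the client, so treat the result as a triage signal to check against the software inventory rather than as the inventory itself.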

Sounds like a good time to be aware: as iTWire’s Davey Winder wrote (http://www.itwire.com/content/view/24364/1231/), today’s (Tuesday) security updates from Microsoft will involve the release of the most updates by Microsoft in one day since October 2008. In fact, there are no fewer than eight security updates, says Winder.

As Winder wrote, security patches should not be considered an optional extra, although they all too often are, with predictable consequences. You only have to look at the current Conficker epidemic for evidence if you don't believe it, he says.

Happy patching!
