Forget the drive-by-shooting, it’s the drive-by-download to watch out for!

Peter Dinham
Tuesday, 03 March 2009 15:28

Your IT - Home IT

So-called drive-by download components dominated the latest security threats to our computers during February as cybercriminals attempted to compromise the security of users’ systems.

Security firm, BitDefender, in its February list of top 10 e-threats, said that in first position for the second time this year - but in a much shorter lead than last month - was Norton-bypassing ad-serving malware, Trojan.Clicker.CM .
   
Reporting the dominance of drive-by-download components, BitDefender describes these components as atomic bits of malware strung together like a "daisy-chain" by malware creators. Each "atom", says BitDefender, represents another attempt by cybercriminals to compromise the security of a user’s system.

Ominously, BitDefender says the drive-by download malware is usually authorised indirectly by the user, but without understanding the consequences (e.g. by enabling an ActiveX component).

According to BitDefender, Trojan Clicker.CM displays a large number of advertisement pop-ups in the Web browser’s background attempting to lure the user to click. “If clicked, profits are generated for advertisements registered within a pay-per-click system. The trojan also uses several functions that bypass the Norton Internet Security pop-up blocker.”

At second place on their list, BitDefender said it found an older "daisy chain" - Trojan.Wimad.Gen.1 or the Wimad Trojan - which masquerades as a carrier component for malicious ASF files. The Trojan, says BitDefender, is loaded via a downloader trojan ranked last in the top ten e-threats list.

According to BitDefender, the Conficker virus and its brethren are also present in the February top ten via a generic detection against viruses that use the recent autorun bug in Windows - Trojan.AutorunINF.Gen with 4.17 percent of detections.

And, ranked 8th is Trojan.IFrame.GA, described by BitDefender as a simple script which gets injected into compromised webpages and sends browsers to a collection of exploits such as Trojan.Exploit.ANPI (ranked 7th), which can direct vulnerable systems to a page containing Trojan.Exploit.SSX (in  5th position).
 
Sorin Dudea, BitDefender’s head of antimalware research, says this particular infection chain was taken directly from the analysis of a number of compromised and/or malicious websites hosted in China.