Web 'under siege' from drive-by download attacks
Criminals are targeting the web browser as the weak link in the security chain, leading to a drive-by download epidemic.
The web is under siege from cybercriminals taking advantage of the internet browser - and we are in the midst of a large-scale drive-by download epidemic, says Kaspersky.
In a white paper, Kaspersky security evangelist Ryan Naraine explained that the dramatic shift to using the web browser as an attack tool was due to the Windows operating system being better protected after the so-called "internet worm era" dominated by attacks like Code Red, Blaster, Slammer and Sasser.
Regular operating system patching meant that a new way of attacking evolved called the drive-by download, which used the browser as the connection between computer users and servers rigged with malware.
In a drive-by attack, the malicious program is automatically downloaded to a user's computer without consent or knowledge.
He said: "The attack actually occurs in two steps. The user surfs to a web site that has been rigged with code that in turn redirects the connection to a malicious third-party server hosting exploits.
"If the exploit is successful, a trojan is silently installed that gives an attacker full access to the compromised computer."
The attacker could then use the computer to steal confidential information or launch Denial of Service attacks.
He quoted figures from the Google Anti-Malware team over a ten-month period, which found more than three million URLs initiating drive-by malware downloads.
Naraine went on to say that malware exploit kits were the 'engine' for drive-by downloads: professionally written software components hosted on a server with a database backend.
Sold on underground hacker sites, these kits could be used on desktop applications, while browser-specific exploits have also been used.
He said: "Identity thieves and other malware authors purchase exploit kits and deploy them on a malicious server.
"Code to redirect traffic to that malicious server is then embedded on web sites, and lures to those sites are spammed via email or bulletin boards."
The threat of drive-by downloads was a big story last year, as was the new threat of criminals buying their own malware kits to carry out cybercrime.