May 21

My Windows is up to date, and my Internet security software and antivirus are up to date, so I am impervious to attack. Right? Besides, is it really that dangerous?

 

Web Threats

A web threat is any threat that uses the internet to facilitate cybercrime. Web threats use multiple types of malware and fraud, all of which utilize HTTP or HTTPS protocols, but may also employ other protocols and components, such as links in email or IM, malware attachments, or servers that access the Web. They benefit cybercriminals by stealing information for subsequent sale and help absorb infected PCs into botnets. Web threats pose a broad range of risks, including financial damages, identity theft, loss of confidential information/data, theft of network resources, damaged brand/personal reputation, and erosion of consumer confidence in e-commerce and online banking.

Fool me once, Fool me twice


In August 2008, popular social networking sites were hit by a worm using social engineering techniques to get users to install a piece of malware. The worm installs comments on the sites with links to a fake site. If users follow the link, they are told they need to update their Flash Player. The installer then installs malware rather than the Flash Player. The malware then downloads a rogue anti-spyware application. Variations of this are still happening today.

Drive-by Downloads

A drive-by download is an unintended download of computer software from the Internet. The term covers downloads which a person authorized but without understanding the consequences (e.g. downloads which install an unknown or counterfeit executable program, ActiveX component, or Java applet), and any download that happens without a person’s knowledge, often a computer virus, spyware, malware, or crimeware.


Drive-by downloads may happen when visiting a website, viewing an e-mail message or by clicking on a deceptive pop-up window: by clicking on the window in the mistaken belief that, for instance, an error report from the computer’s operating system itself is being acknowledged, or that an innocuous advertisement pop-up is being dismissed. In such cases, the “supplier” may claim that the person “consented” to the download although actually unaware of having started an unwanted or malicious software download. Websites that exploit the Windows Metafile vulnerability (eliminated by a Windows update of 5 January 2006) may provide examples of drive-by downloads of this sort. Hackers use different techniques to obfuscate the malicious code, so that antivirus software is unable to recognize it. The code is executed in hidden iframes, and can go undetected even by experienced users.

A drive-by install (or installation) is a similar event. It refers to installation rather than download (though sometimes the two terms are used interchangeably).