Thursday, February 18, 2016

Data Stealers and the Drive-By Download

Most of you are already aware of “phishing” attempts and “Trojan horses” that deliver malware that can infect your computer. Today I want to introduce you to the “drive-by download”…

What you see on your screen is not always all you are getting when you browse the Internet…

It’s not uncommon to get what you didn’t bargain for. “Drive-by downloads” happen during Internet browsing when your computer downloads, without your knowledge, something that infects your system, usually with the intent to steal your information and your credentials. Websites are often used as one stage of a multi-step attack, as seen in the example graphic below:

The most common routes to infection are search engine poisoning, malicious forum posts, and malicious advertisements. The exploits involved commonly target vulnerabilities in Windows, Java, Flash, and Acrobat software.

If the exploit succeeds, a data stealer such as “Zeus” or one of the ever-popular “exploit kits” is often installed. These tools capture information and credentials on your computer and send them to an unknown third party.
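The multi-step chain described above (an entry via a search result, forum post or advertisement, then a plug-in payload such as a Java, Flash or PDF file, then an executable) is something a web proxy log can reveal after the fact. The following is an added example of that detection logic, not code from the original post; the log format, the host names, the referrer categories and the 120-second window are all constructed assumptions for the example.

```python
"""Flag drive-by download chains in web proxy logs (added example).

Looks, per client, for the three-step pattern:
  1. a request that arrived via a search engine, forum or ad network referrer,
  2. followed within a short window by a plug-in payload (.jar, .swf, .pdf),
  3. followed within the same window by an executable download.
The log format and every host name here are constructed for the example.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime
from urllib.parse import urlparse

# Entry points the post names as common routes to infection. The host names
# are assumed; a real deployment would use its own URL-category feed.
ENTRY_REFERRERS = {
    "search.example": "search engine",
    "forum.example": "forum",
    "ads.example": "advertisement",
}
PLUGIN_EXTENSIONS = (".jar", ".swf", ".pdf")       # Java, Flash, Acrobat content
EXECUTABLE_EXTENSIONS = (".exe", ".dll", ".scr")
WINDOW_SECONDS = 120  # the whole chain must complete within this window (assumed)


@dataclass
class Request:
    ts: datetime
    client: str
    url: str
    referrer: str


def parse_line(line: str) -> Request:
    """Parse one constructed log line: '<iso-timestamp> <client> <url> <referrer>'."""
    ts, client, url, referrer = line.split()
    return Request(datetime.fromisoformat(ts), client, url, referrer)


def _has_ext(url: str, exts) -> bool:
    """True if the URL path ends with one of the given extensions."""
    return urlparse(url).path.lower().endswith(exts)


def find_driveby_chains(lines):
    """Return {client: description} for each client whose requests show
    entry referrer -> plug-in payload -> executable within WINDOW_SECONDS."""
    by_client = defaultdict(list)
    for line in lines:
        if line.strip():
            req = parse_line(line)
            by_client[req.client].append(req)

    hits = {}
    for client, reqs in by_client.items():
        reqs.sort(key=lambda r: r.ts)
        for i, entry in enumerate(reqs):
            category = ENTRY_REFERRERS.get(urlparse(entry.referrer).hostname)
            if category is None:
                continue  # not reached through one of the known entry points
            in_window = lambda r: (r.ts - entry.ts).total_seconds() <= WINDOW_SECONDS
            plugin = next((r for r in reqs[i + 1:]
                           if in_window(r) and _has_ext(r.url, PLUGIN_EXTENSIONS)), None)
            if plugin is None:
                continue
            payload = next((r for r in reqs
                            if r.ts > plugin.ts and in_window(r)
                            and _has_ext(r.url, EXECUTABLE_EXTENSIONS)), None)
            if payload is None:
                continue
            hits[client] = (f"{category} referrer {entry.referrer} -> {entry.url} -> "
                            f"{plugin.url} -> {payload.url}")
            break
    return hits


# Constructed sample log: 10.0.0.5 shows the full chain, 10.0.0.7 reads a PDF
# with no executable afterwards, 10.0.0.9 downloads an installer directly.
SAMPLE_LOG = """\
2016-02-18T10:00:01 10.0.0.5 http://search.example/?q=free+tax+forms -
2016-02-18T10:00:03 10.0.0.5 http://tax-forms-free.example/index.html http://search.example/?q=free+tax+forms
2016-02-18T10:00:05 10.0.0.5 http://cdn-static.example/ld/load.swf http://tax-forms-free.example/index.html
2016-02-18T10:00:09 10.0.0.5 http://cdn-static.example/ld/update.exe http://cdn-static.example/ld/load.swf
2016-02-18T10:05:00 10.0.0.7 http://news.example/article.html http://search.example/?q=news
2016-02-18T10:05:02 10.0.0.7 http://news.example/report.pdf http://news.example/article.html
2016-02-18T10:30:00 10.0.0.9 http://downloads.example/setup.exe -
""".splitlines()


if __name__ == "__main__":
    for client, chain in find_driveby_chains(SAMPLE_LOG).items():
        print(f"{client}: {chain}")
```

Only the client that completes all three steps is reported; a PDF opened after a search, or an installer fetched on its own, is left alone, which keeps the alert focused on the sequence rather than on any one file type.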

What can we do to lower the chances of this kind of data theft?

Keep the software on your computer up-to-date
Don’t run vulnerable versions of applications, especially Windows, Java, Flash and Acrobat software. If your computer is up-to-date, these exploits are less effective.

Browse carefully
While not a guarantee, staying on known good sites and avoiding lesser-known sites can lower the risk, and this is especially important if you are browsing on a computer that houses or processes sensitive information. In that case, it is better still to use a different computer to browse the Internet. If possible, limit your browsing at work to sites related to business.

Use a web filter
A web filter blocks access to websites known to be compromised. While it can’t catch everything, it does lower the risk significantly. Consider using a web filter at home; free options include K9 and OpenDNS.

Use updated browsers and operating systems
The latest versions of operating systems and Internet browsers include features designed to better resist these types of attacks.

Don’t surf the web as an “administrator” on your computer
Remember that malware will almost always do as much damage to your computer as your account has permission to do. For your home computer, consider browsing the Internet with an account that has fewer privileges. Advanced users should consider browsing in a virtual machine, and using ad blockers and NoScript, which can block script execution on new or unknown sites.

And don’t forget… back up your files!
Sooner or later, something bad does happen. Always be sure that you can continue working even if your computer can’t.
