Drive-by Downloads - A Serious Threat to Internet Community
Security experts at Kaspersky warn that drive-by downloads are a major threat today as they affect the Web more surreptitiously. Drive-by downloads represent those malevolent programs that automatically get downloaded onto the PCs of the users without their knowledge or consent, the experts said.
Emphasizing that the drive-by download threat is widespread, Kaspersky in its most recent report on security issues states that since June 2008, the anti-malware researchers at Google crawled a massive number of Web pages to examine them for any possible malicious activity. Consequently, they found that over 3 Million URLs setting off the drive-by downloads.
Says Kaspersky that earlier cyber-criminals used to set up sinister websites, but now they largely snatch control of legal or regular sites to secretly plant on them an exploit, alternatively embed a code that clandestinely triggers an attack through the browser. Thus, drive-by downloads have become even more threatening.
Besides, according to ScanSafe, during Q3 2008, 74% of all malicious programs identified, emanated from the visits to hacked Internet sites. This finding, therefore, indicates that a large-scale epidemic of drive-by downloads is surrounding the worldwide Internet users, according to the security experts.
Warns Ryan Naraine, security evangelist at Kaspersky, that cyber-criminals have a great preference for drive-by malware downloads simply because they are more surreptitious in infecting systems that generally lead to successful attacks. ITWire published this on April 14, 2009.
Naraine further warned that software kits for malware exploits do a lot towards the working of drive-by downloads. These kits represent application components that are professionally designed and made to run on a computer server with some database backend.
Further, in case of a successful exploit, a Trojan could be implanted that allows hacker to gain complete access to the compromised system and thereby, steal secret information.
Additionally, Kaspersky also disclosed that malware writers and identity thieves buy exploit kits that they deploy on a sinister server, with a code diverting the traffic towards that server. These sites attract the user traffic via bulletin boards or spam mails.
Thus, Kaspersky's security experts recommend that an adequate patch management is the best way to protect users from the potential threat of drive-by downloads.
Related article: Drive Lock Sales Surge to Block USB Forts From Spreading Malware
» SPAMfighter News - 20-04-2009