Drive-by Assaults Perfected for Malware During February 2011
In its most recent security report, covering February 2011, the security firm Kaspersky Lab uses its statistics to discuss the malware that prevailed during that month. SecureList published this as news on March 8, 2011.
Kaspersky states that attacks currently tend to be mostly drive-by attacks, which prove especially dangerous because the targeted users do not notice them. Moreover, they can be launched through legitimate websites that have in fact been compromised.
Users who visit the infected websites are redirected to further sites that carry script downloaders. Cyber-criminals often use different kinds of exploit code, which introduce script downloaders that pull malicious programs down onto users' PCs.
Furthermore, the report states that February 2011 saw a significant rise in the use of CSS (Cascading Style Sheets) to carry part of the script downloader's data. This is a novel technique for spreading malicious software that leaves several anti-virus applications unable to spot the malicious scripts. Cyber-criminals now use this technique in most drive-by download attacks, as it lets exploits be downloaded onto victims' systems without drawing any notice.
Script downloaders commonly pull down two kinds of exploit. The first exploits the CVE-2010-1885 security flaw and is detected as Exploit.HTML.CVE-2010-1885.ad. This code was found to hit an average of 10,000 unique PCs daily.
The second abuses the CVE-2010-0840 security flaw and is detected as three Trojan samples: Trojan-Downloader.Java.OpenConnection.dc, Trojan.Java.Agent.ak and Trojan-Downloader.Java.OpenConnection.dd.
Meanwhile, the February 2011 threat landscape report also makes clear that potentially dangerous security flaws in PDF persist. PDF exploits were detected on a total of over 58,000 unique PCs during February 2011.
Finally, the report states that a malicious packer, apparently used to protect the P2P virus Palevo, was found to hit over 67,000 unique PCs during February 2011. This virus helped build the Mariposa botnet, which police in Spain took down recently. Incidentally, the cyber-criminals lately distributing Palevo were trying either to build a fresh botnet or to revive an earlier one.
» SPAMfighter News - 16-03-2011