Strong Security from the Enterprise to the Edge

Security Now Blog: Addressing Today's Information Security Issues

(Beladen) Websites Unknowingly Attacking PCs

by Eirik Iverson, Product Management

Any website that a PC in your organization visits may unleash a world of hurt. It’s not just the sordid websites that pose great risk. Clever cybercriminals have been systematically compromising legitimate websites to covertly infest the PCs that visit them with malware that eludes anti-virus/spyware software. Beladen is a direct challenge to blacklisting services too. Protect your endpoints with something not based on technology developed over a decade ago!

Last week, Websense estimated that 30,000 websites were infected. Earlier this week, they estimated that this had grown to 40,000, supposedly a one-third increase in 72 hours. Nothing but speculation exists as to how the integrity of these websites is being compromised: keyloggers on website administrator PCs, intercepted FTP credentials, who knows? If the malicious JavaScript added to the bottom of compromised web pages cannot be discovered via search engines, I’m curious how Websense and others are deriving their estimates. Nonetheless, I suspect they have a credible means of generating them.

An unsuspecting PC user visits one of these compromised sites. The pages they view have malicious JavaScript added to them that exploits vulnerabilities in client software on the PC without the end user having to do anything. They simply visit the page and become infected. These web pages can be updated with even newer zero-day exploits that attack the same or other client software. Acrobat Reader has not yet been reported as a Beladen target, but if it isn’t one already, it soon will be.
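Since the post describes the tampering as JavaScript appended to the bottom of otherwise legitimate pages, a website administrator can look for exactly that. The following is an added example, not code from the original post or from the vendor: it flags script elements placed after the closing body/html tag, script bodies using common obfuscation calls, or scripts loaded from a host outside an allowlist. The sample pages and the example.invalid host are constructed for illustration.

```python
"""Heuristic check for JavaScript appended to the bottom of web pages.
Added example, not from the original post: flags <script> elements after the
closing </body>/</html> tag, using common obfuscation calls, or loading from a
host outside an allowlist. Sample pages below are constructed.
"""
import re
from urllib.parse import urlparse

SCRIPT_RE = re.compile(r"<script\b([^>]*)>(.*?)</script>", re.IGNORECASE | re.DOTALL)
CLOSE_RE = re.compile(r"</(?:body|html)\s*>", re.IGNORECASE)
SRC_RE = re.compile(r"""\bsrc\s*=\s*["']([^"']+)""", re.IGNORECASE)
OBFUSCATION_MARKERS = ("unescape(", "eval(", "fromCharCode", "document.write(")

def find_suspicious_scripts(html, allowed_hosts=()):
    """Return a list of (offset, reasons) for script elements that look injected."""
    closes = list(CLOSE_RE.finditer(html))
    cutoff = closes[0].start() if closes else None  # first closing body/html tag
    findings = []
    for m in SCRIPT_RE.finditer(html):
        reasons = []
        if cutoff is not None and m.start() > cutoff:
            reasons.append("script placed after closing body/html tag")
        hits = [k for k in OBFUSCATION_MARKERS if k in m.group(2)]
        if hits:
            reasons.append("obfuscation markers: " + ", ".join(hits))
        src = SRC_RE.search(m.group(1))  # only the opening tag's attributes
        if src:
            host = urlparse(src.group(1)).hostname  # None for relative paths
            if host and host not in allowed_hosts:
                reasons.append("external script host: " + host)
        if reasons:
            findings.append((m.start(), reasons))
    return findings

# Constructed sample pages; example.invalid is a reserved, non-routable name.
CLEAN_PAGE = (
    "<html><head><title>Store</title>\n"
    '<script src="/js/app.js"></script></head>\n'
    "<body><p>Welcome</p></body></html>\n"
)
INJECTED_PAGE = CLEAN_PAGE + (
    '<script src="http://example.invalid/loader.js"></script>\n'
    '<script>document.write(unescape("%3Cdiv%3E"))</script>\n'
)

if __name__ == "__main__":
    for name, page in (("clean", CLEAN_PAGE), ("injected", INJECTED_PAGE)):
        for offset, reasons in find_suspicious_scripts(page):
            print(f"{name}: offset {offset}: {'; '.join(reasons)}")
```

Run it over every HTML file in a web root and diff the findings against a known-good baseline; a new hit on a page nobody edited is the signal to investigate.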

The consequences of these compromised websites are impressive. If each compromised website receives an average of only 100 visits per day, 90% of the visiting PCs run Windows, 95% of them do not have JavaScript disabled, and 50% of them (a very conservative figure) have just one of the targeted client applications unpatched (Firefox, Internet Explorer, QuickTime), then that works out to 1.7 million infected PCs per day across 40,000 websites. Beladen may be approaching a Conficker-like magnitude of PC infections.

What should you do? First thing, patch Firefox, Internet Explorer, QuickTime, and while you’re at it, Acrobat Reader. For organizations without a centralized means of patching, write instructions for all of your personnel to do so manually. After they’re done, insist that each individual estimate how long it took them. You may find the results useful in justifying the acquisition of new endpoint security tools.

Speaking of tools, I’m sure regular readers of this blog see it coming: get something to supplement your anti-virus/spyware software. Peruse the many articles here and you’ll find plenty of rationale to move beyond the past and stop relying on technologies invented over a decade ago, when feeble-minded junkies with user-friendly software can create, in minutes, malware that evades those venerable relics. And, one more thing, yes, the regulars are probably anticipating this next point: worry less about what percentage of attack vectors a particular system stops and focus more on the usability and operational burden of such systems.


The usability of a protection product is directly proportional to its effectiveness. The most potentially capable protection products are also the least utilized products because they are so complicated. Consequently, their effectiveness is severely compromised in practice and overrated in reviews.

AppGuard, AppGuard-Enterprise, and EdgeGuard Protect Computers from Compromised Websites

AppGuard, AppGuard-Enterprise, and EdgeGuard block these attacks without depending on virus signatures or any other form of attack-specific characteristics. This means they stop zero-day attacks regardless of the shape-shifting and obfuscation techniques used to fool conventional security software. Their ‘privacy mode’ feature prevents your web browsers from being coerced into stealing, deleting, or ransoming sensitive information from within the folders on your hard drive designated as private. However, these tools do not interfere with what happens within a web browser. They prevent attackers from escaping the confines of the web browsers and other at-risk software applications. This means computer users should use two or more different and separate web browsers to prevent data leaks (user IDs and passwords) that can occur in today’s world of multi-tab browsing or web pages served by dozens of different web servers. Using multiple web browsers compartmentalizes sensitive web transactions from other web browser activity. AppGuard and EdgeGuard client security software place all of these web browsers under guard so they can do no harm.
