Strong Security from the Enterprise to the Edge

Security Now Blog: Addressing Today's Information Security Issues

Over 640,000 Websites Infecting Visiting Computers

by Eirik Iverson, Product Management

It's not just sordid websites; any legitimate website may be infecting visiting computers. Over 640,000 websites consisting of over six million web pages have been quietly hacked to dish out attack code to visitors. And these are ONLY the detected ones. The actual number is undoubtedly much higher.

These figures come from an information security vendor named Dasient. They offer free and paid services for assessing website health. Their free service, which requires registration with a valid email address, sends out a periodic email stating whether your website is or is NOT on any of the blacklists of malware-infected websites. They also offer paid services whereby they scan your website(s) periodically for malware and alert you if malware is ever detected.

Websites Infected via Webmaster’s Computer

Though many websites still get infected the old-fashioned way, through exploitation of a vulnerability in the web server or other software, cyber criminals have found that compromising a webmaster’s laptop or desktop is far easier.

It begins with a typical malware attack infesting an arbitrary computer. Once running, the malware scans the host for webmaster characteristics: FTP programs, web authoring tools, HTML files, etc. Some research points to the malware altering HTML files located on the webmaster’s computer just prior to or while they are uploaded to the server. The beauty of this approach is that doing so leaves no anomalous log entries on the server, whereas the other common method, which involves stealing the webmaster’s login credentials, does leave such breadcrumbs (e.g., server log: login from an unfamiliar IP address).
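Because tampering that happens before upload leaves nothing unusual in the server logs, one way to catch it is to compare the deployed files against a baseline kept off the webmaster's workstation. The sketch below is an added example, not part of the original post; the baseline location (for instance a version-control checkout on a separate host), the file names and the injected markup are constructed assumptions.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Tags that injected content often adds; used only to annotate a changed file.
ACTIVE_TAG = re.compile(rb"<\s*(script|iframe)\b", re.IGNORECASE)

def build_manifest(root):
    """Map each file path (relative to root) to (sha256, active-tag count)."""
    manifest = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file():
            data = path.read_bytes()
            manifest[path.relative_to(root).as_posix()] = (
                hashlib.sha256(data).hexdigest(), len(ACTIVE_TAG.findall(data)))
    return manifest

def compare(trusted, deployed):
    """Return sorted findings for files that differ from the trusted baseline."""
    findings = []
    for name, (digest, tags) in deployed.items():
        if name not in trusted:
            findings.append((name, "unexpected file"))
        elif trusted[name][0] != digest:
            extra = tags - trusted[name][1]
            note = f"modified, {extra} new script/iframe tag(s)" if extra > 0 else "modified"
            findings.append((name, note))
    findings += [(n, "missing") for n in trusted if n not in deployed]
    return sorted(findings)

def demo():
    """Constructed sample: clean baseline, deployed copy with one injected iframe."""
    with tempfile.TemporaryDirectory() as tmp:
        base, live = Path(tmp, "baseline"), Path(tmp, "deployed")
        for d in (base, live):
            d.mkdir()
            (d / "index.html").write_text("<html><body>Welcome</body></html>")
            (d / "about.html").write_text("<html><body>About us</body></html>")
        (live / "index.html").write_text(
            '<html><body>Welcome<iframe src="http://injected.example/"></iframe></body></html>')
        (live / "stats.php").write_text("<?php /* constructed placeholder */ ?>")
        return compare(build_manifest(base), build_manifest(live))

if __name__ == "__main__":
    for name, note in demo():
        print(f"{name}: {note}")
```

The comparison is only as trustworthy as the baseline: if the baseline is built on the same infected workstation, the altered files become the reference.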

There are at least three common methods employed for stealing webmaster credentials to infect legitimate websites. First, the malware looks for the presence of typical webmaster software and then looks for its password store, which tends to be located in relatively the same place, unencrypted. Second, the malware downloads and installs a keylogger. Third, the malware monitors all FTP traffic and parses out any credentials, which are frequently unencrypted. There’s a bonus to this approach: the malware can listen for FTP traffic originating from other nearby machines. So, the webmaster must be mindful of where his/her computer is located when accessing the servers.
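Stolen credentials do leave the server-side breadcrumb mentioned above: a successful login from an address the account has never used. The following detection sketch is an added example, not part of the original post; the log lines are constructed in a vsftpd-like format using documentation IP ranges, and the per-user allowlist `known_ips` is a hypothetical input.

```python
import re

# Constructed log lines in a vsftpd-like format (documentation IP ranges).
SAMPLE_LOG = """\
Mon Mar  1 09:02:11 2010 [pid 4101] [webmaster] OK LOGIN: Client "198.51.100.7"
Mon Mar  1 09:02:40 2010 [pid 4102] [webmaster] OK UPLOAD: Client "198.51.100.7", "/index.html", 5120 bytes
Tue Mar  2 09:10:03 2010 [pid 4230] [webmaster] OK LOGIN: Client "198.51.100.7"
Wed Mar  3 03:14:55 2010 [pid 4377] [webmaster] OK LOGIN: Client "203.0.113.44"
Wed Mar  3 03:15:02 2010 [pid 4378] [webmaster] OK UPLOAD: Client "203.0.113.44", "/index.html", 5388 bytes
Wed Mar  3 03:15:09 2010 [pid 4378] [webmaster] OK UPLOAD: Client "203.0.113.44", "/contact.html", 2210 bytes
"""

LINE = re.compile(
    r'^(?P<ts>\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) \[pid \d+\] '
    r'\[(?P<user>[^\]]+)\] OK (?P<event>LOGIN|UPLOAD): Client "(?P<ip>[^"]+)"'
    r'(?:, "(?P<path>[^"]+)")?')

def unfamiliar_sessions(log_text, known_ips):
    """Report successful logins from IPs outside known_ips[user],
    together with the files uploaded from that address afterwards."""
    alerts = {}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # ignore lines that are not successful logins/uploads
        if m["ip"] in known_ips.get(m["user"], set()):
            continue  # familiar address for this account
        key = (m["user"], m["ip"])
        if m["event"] == "LOGIN":
            alerts.setdefault(key, {"first_seen": m["ts"], "uploads": []})
        elif key in alerts:
            alerts[key]["uploads"].append(m["path"])
    return alerts

if __name__ == "__main__":
    known = {"webmaster": {"198.51.100.7"}}  # hypothetical allowlist
    for (user, ip), info in unfamiliar_sessions(SAMPLE_LOG, known).items():
        print(f"{user} from {ip} at {info['first_seen']}: {info['uploads']}")
```

The list of uploaded paths gives the responder a starting set of files to review after resetting the account's password.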

Any Website May be Infected; Any Visitor May Get Infected

Web browsers are amongst the most security-flawed classes of client software in existence. They offer very poor compartmentalization, that is, keeping activities in one tab or window separate from those in another tab or window. And matters will only get worse as cyber criminals exploit the undiscovered country of vulnerabilities in the browser itself, its library components, plug-ins, and add-ons. If that were not enough, many browsers will automatically load another application when a specific document type is encountered. So, Microsoft Excel would load when an xls document is encountered, for example. Thus, it's not just a matter of ensuring that web browsers are vulnerability free. These other applications must be as well.

Use Two or More Different Web Browsers

By using Internet Explorer or Firefox for sensitive activities such as online banking, and using the other for general purpose browsing, one effectively compartmentalizes these activities such that cyber criminals cannot merely subvert internal web browser security but instead must infect the entire computer.

Your Anti-Virus/Spyware Will NOT Protect You

Though old malware still circulates around the web, cyber criminals are increasingly discarding their newly created attack code after only 48 hours to ensure that the signature-based or pattern-based technologies of your anti-virus/spyware cannot detect it. The more short-lived the attack code, the less likely it is that anti-virus/spyware vendors’ honeypots will ever encounter it and so be able to develop a detection signature for it. Cyveillance recently found in its lab tests of leading anti-virus/spyware products against NEW malware an average detection rate of 29%.

You Need Computer Protection Designed to Stop NEW or Zero-day Malware Attacks!

Blue Ridge offers AppGuard for consumers and small businesses, which protects them from whatever they encounter. AppGuard co-exists with any anti-virus/spyware product already installed. Your existing anti-virus/spyware excels at stopping OLD malware (more than one month old). AppGuard excels at stopping NEW malware. You could rely only on AppGuard. But, layered protection is always good. And, good anti-virus/spyware software is available for free: Microsoft Security Essentials for consumers; Comodo AV for enterprises (remember to disable the HIPS).

For the enterprise, Blue Ridge offers AppGuard Enterprise, a centrally managed computer protection software solution. Organizations looking for extensive audit and control over their computers can either buy EdgeGuard, or conduct a field upgrade from AppGuard Enterprise to EdgeGuard later, via a policy update. Small enterprises can outsource computer protection, control, and audit to Managed EdgeGuard.

The protection in these solutions is called AppGuard Technology. Check out this white paper if you wish to understand how it works. AppGuard Technology not only snuffs out drive-by download attacks but also prevents attacked applications such as Adobe Reader from being coerced by attackers to directly harm a PC. Users can also install MBRguard to stop nasties such as KillDisk as well as sophisticated MBR based Rootkit attacks.


2 Responses to “Over 640,000 Websites Infecting Visiting Computers”

  1. Karen Davidson Says:

    While I don’t agree with everything you said you do have some valid points. Overall it was pretty good probably be back.

  2. Cyrstal Noullet Says:

    Very informative post, great post. Subscribed to feeds
