How NOT to Get Exploited
Drive-by downloads -- malware delivered to random Web site visitors -- are one of the biggest, fastest-growing threats on the Internet. Learn how they spread across the web, and some easy things you can do to protect against these dangerous exploits...
Exploit Kits Are Big Business
It was a surprise to me when I first learned that the developers of malware don't try to keep their creations a secret. On the contrary, they'll typically offer it for sale to other hackers after they've used it themselves. This "used malware" is traded online in hacker forums and other venues, where sellers bundle malware packages into "exploit kits" and sell the kits to crooks who have more money than programming talent.
In my recent article, Drive-by Download Dangers, I discussed how drive-by downloads have become so ubiquitous. The rather amazing sophistication of this malware is described in the latest Security Intelligence Report from Microsoft.
The malware delivered in drive-by downloads is recycled stuff, in most cases. Each malware package exploits a different vulnerability in a browser, its operating system, or its add-ons. (Add-ons are the most frequently vulnerable and exploited of the three targets.) A newly discovered vulnerability against which there is no defense (called a zero-day vulnerability) is more valuable to bad guys than an older, well-known one for which patches have been developed and distributed.
A zero-day vulnerability is typically sold by its discoverer to another crook who has a specific, high-value target in mind. Most likely, the target is a large corporation or institution whose IT environment hosts lots of valuable, exploitable data such as users’ personal identity and financial data, or trade secrets. The crook who buys the secret of the vulnerability creates malware that takes advantage of it. He then launches his attack against XYZ Corp. and succeeds or fails. Either way, after the primary attack he has a piece of malware that cost him plenty to develop, and it has re-sale value.
The profits from exploit kits can be substantial; the people behind the Win32/Reveton family of malware reportedly grossed over $50,000 per day in fees derived from exploit kits. Don't think for a second that I'm offering this information as a helpful money-making tip, though. There's an encouraging trend in the past two years, where law enforcement agencies have been taking down these cyber criminals. I discussed one recent example in GameOver and Cryptolocker Busted.
How Do Exploit Kits Work?
An exploit kit consists of a collection of malware, back-end software for managing the malware’s delivery and monitoring its productivity, and an HTML interface for the kit’s operators. The kit resides on a central server while its owner seeds other Web sites with relatively small, innocuous HTML code that links victims to the central server. How that linking is done is pretty interesting.
Each time your browser requests a Web page it sends with the request information about itself: browser name and version number, operating system, and available add-ons. It sends this metadata to tell the Web server what sort of content to deliver and in what format. For example, if your browser supports Flash you’ll get Flash, otherwise you’ll get some other form of multimedia file.
Unfortunately, this metadata also reveals a lot about the security vulnerabilities present in your browser, browser add-ons and your operating system. The code surreptitiously planted on a site by a bad actor relays this metadata to the server hosting the exploit kit. Server software uses this metadata to select malware tailored to your browser and delivers it to you without your knowledge. The malware auto-executes on your (unpatched) system after it arrives.
Now that you know how exploit kits work, a few defenses against them should be obvious. First, keep up with the latest security patches for your operating system, browser and other software. Exploit kits mostly contain exploits for vulnerabilities that have been known and patched for a long time. Using Windows Update in automatic mode will take care of your operating system. To make sure your installed software and browser add-ons are up to date and secured, see my article Computer Security: The Missing Link.
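The same browser metadata the article describes can be turned around for defense: if you run a web proxy for a home or office network, the User-Agent strings in its logs tell you which machines are still browsing with outdated software. The script below is an added example, not code from the article or from AskBobRankin. It parses a few constructed proxy log lines (the log format, the IP addresses and the "minimum acceptable version" baseline are all assumptions made for the example) and reports clients whose browser major version is below the baseline or whose operating system no longer receives security patches.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample proxy log lines (hypothetical format: timestamp, client IP,
# method, URL, quoted User-Agent). They are not taken from the article.
SAMPLE_LOG = """\
2014-06-09T10:01:12Z 10.0.0.12 GET http://example.test/news.html "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:29.0) Gecko/20100101 Firefox/29.0"
2014-06-09T10:01:15Z 10.0.0.33 GET http://example.test/ "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.137 Safari/537.36"
2014-06-09T10:02:01Z 10.0.0.41 GET http://example.test/ "Mozilla/5.0 (Windows NT 5.1; rv:12.0) Gecko/20100101 Firefox/12.0"
2014-06-09T10:02:07Z 10.0.0.57 GET http://example.test/ "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
"""

# Assumed patch baseline: the oldest major version of each browser that the
# administrator still considers acceptable. These numbers are placeholders for
# the example; maintain them from your vendors' release notes.
MIN_BROWSER_VERSION: Dict[str, int] = {"Firefox": 29, "Chrome": 34, "MSIE": 11}

# Assumed list of OS tokens whose vendor no longer ships security patches.
UNSUPPORTED_OS: Dict[str, str] = {"Windows NT 5.1": "Windows XP"}

LOG_RE = re.compile(r'^(\S+) (\S+) (\S+) (\S+) "([^"]*)"$')
BROWSER_RES = [
    ("Firefox", re.compile(r"Firefox/(\d+)")),
    ("Chrome", re.compile(r"Chrome/(\d+)")),
    ("MSIE", re.compile(r"MSIE (\d+)")),
]
OS_RE = re.compile(r"Windows NT \d+\.\d+")


def parse_log_line(line: str) -> Optional[Tuple[str, str]]:
    """Return (client_ip, user_agent) for one log line, or None if malformed."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    return m.group(2), m.group(5)


def classify_user_agent(ua: str) -> Tuple[Optional[str], Optional[int], Optional[str]]:
    """Extract (browser, major_version, os_token) from a User-Agent string.

    This is the metadata the article says every browser volunteers with each
    request; here it is read from our own logs to find machines that need patching.
    """
    browser, version = None, None
    for name, pattern in BROWSER_RES:
        m = pattern.search(ua)
        if m:
            browser, version = name, int(m.group(1))
            break
    os_m = OS_RE.search(ua)
    return browser, version, (os_m.group(0) if os_m else None)


def find_outdated_clients(log_text: str) -> List[Dict[str, object]]:
    """Return one finding per log line whose client is below the patch baseline."""
    findings: List[Dict[str, object]] = []
    for line in log_text.splitlines():
        parsed = parse_log_line(line)
        if parsed is None:
            continue  # skip lines that do not match the assumed log format
        ip, ua = parsed
        browser, version, os_token = classify_user_agent(ua)
        reasons = []
        if browser in MIN_BROWSER_VERSION and version is not None \
                and version < MIN_BROWSER_VERSION[browser]:
            reasons.append(f"{browser} {version} is below baseline "
                           f"{MIN_BROWSER_VERSION[browser]}")
        if os_token in UNSUPPORTED_OS:
            reasons.append(f"{UNSUPPORTED_OS[os_token]} no longer receives security patches")
        if reasons:
            findings.append({"client": ip, "browser": browser, "version": version,
                             "os": os_token, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in find_outdated_clients(SAMPLE_LOG):
        print(finding["client"], "->", "; ".join(finding["reasons"]))
```

Run against the sample, the script flags the Firefox 12 and Internet Explorer 6 machines, both of which also report Windows XP. Those are precisely the clients an exploit kit's server-side selection logic would find easiest to match with a long-patched vulnerability, so they are the ones to update first.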
Other things you can do to harden your computer against malware attacks include:
- Disable unnecessary browser extensions and add-ons. Be especially careful about allowing add-ons to run in private browsing/incognito mode.
- Use HTTPS whenever possible, to encrypt your web browsing sessions. The EFF's HTTPS Everywhere extension is available for the Chrome, Firefox and Opera browsers.
Following these practices will minimize the openings that your browser gives to bad guys. Your thoughts on this topic are welcome. Post your comment or question below...
This article was posted by Bob Rankin on 9 Jun 2014
Copyright © 2005 - Bob Rankin - All Rights Reserved