The Latest in the Threat Landscape - Web Based Attacks: February 2009


As we talk to consumer and enterprise customers, we are finding that many don’t understand the risks of the Internet today, why their computers have been compromised or how the threat landscape has really changed. The fact that just visiting your favorite Web site can lead either to malware being silently installed on your computer WITHOUT your ever clicking on anything, or to your being plagued by misleading applications such as fake antivirus software, seems to be a surprise to many users and IT managers.

 

 

With the increase in Web based attacks that users are being subjected to every day, we wanted to share timely data on the changing threat landscape and examine some of the factors and background information that have influenced the shift toward this type of attack over the last year. 

Our recently published Web based attacks white paper highlights some of the top Web threat trends that our security analysts have seen over the last year:


In researching the paper we realized that few Web sites are immune from being compromised and used as a host to deliver malware to unsuspecting visitors. During 2008, Symantec observed more than 18 million drive-by download attacks.  In just the last 6 months, we observed more than 23 million misleading application attacks.  These two attack types represented Web attacks from 808,000 unique domains, many of which are mainstream Web sites, including: news, travel, online retail, games, real estate, government and many others.

  

For this blog post, I was going to include a video showing what happens during a typical drive-by download attack—but the scary part is, there is nothing to show!  When your system gets compromised, there is usually NO indication – it happens silently without flashing lights or having to click on anything.   All it takes is one vulnerable browser, multimedia application, document viewer or browser plug-in and your computer can be compromised.   I spoke with one user who couldn’t believe that one of the top 100 sites on the Internet would be attacking HIS computer.  There was another customer whose own Web server kept attacking and infecting his computer. 

 

But it’s very real. Legitimate sites are compromised using popular techniques, such as malicious advertisements or “malvertisements”, to attack your machine.

Some users today may even be lulled into thinking they don’t need to have antivirus software with updated subscriptions since they haven’t ‘seen’ a virus in email recently. I even heard one user state that “he is careful where he goes on the internet.” This isn’t enough. Web based attacks are occurring everywhere and users’ computers are being attacked and infected in enterprise and consumer environments alike.

 

Yesterday’s technology won’t help you protect against this changing threat landscape. There are many who are still relying only on traditional signature-based antivirus software to protect their systems. The good news is there are advanced technologies and best practices available to better protect your system in today’s Internet environment. You just have to use them!

 

Surf Safely,

John Harrison, aka "Dr. Drive-By"

Symantec Security Technology and Response

Message Edited by John_Harrison on 03-24-2009 11:13 AM
Message Edited by John_Harrison on 03-24-2009 11:26 AM

Comments


What concerns me is the growth of the fear industry.  The more people fear becoming infected, the more likely they are to be taken in by a misleading application.  People should understand that it is becoming more likely that they will, at some point in time, acquire some form of malware.  Rather than fear it, they need to be taught how to deal with it.

This educational process was successful in controlling email viruses and worms because the technique ceased to work.  The malware developers were forced to find new ways to distribute their wares and are now using several venues rather than just one.

A large part of this educational process is going to fall on the shoulders of the anti-malware developers, like Symantec, to inform users how to limit infection and to increase the confidence of the users in being able to remove infections from their systems. 

Hopefully the forums contribute to this process and inform people in clear terms what they need to do to protect themselves as well as others.
Under certain circumstances profanity provides relief denied even to prayer. Mark Twain
Kudos0
From Kenneth Ellman

The Norton Symantec VRQ Tool can be a great assistance to detecting and removing malicious files and programs.
It would help many users if Symantec would provide some online documentation and support for this VRQ Tool.
Perhaps someone can write an article on the VRQ and tips and advice on its use.
I learn more each time I use it, but some resources would greatly help Symantec customers.
Kudos0
I am a self-taught computer novice. I really thought that I was smart enough to recognize any threats to my computer. I am here to announce, the pirates have methods that can throw anyone off. The immediacy of the warning they gave me was what really threw me off. You are about to lose all of your files etc. if you don't do this in the next few seconds! With the look of Microsoft and the vital warning, they got me. I came right to Symantec to see what I could do. After reviewing the latest names of scareware that is published here, I realized that I was attacked by a new pirate. The name of this culprit to watch out for is REGISTRY BOOSTER.

Hi, I'm new at this but I wanted to tell you about a nasty pop-up that appeared on my computer yesterday while browsing through some motorcycle hire webpages from Western Australia. It came up as a personal security box advising that I needed to do a scan and that there were major threats to my computer. I assumed that it was from the Norton centre and mistakenly clicked on it. Since then I have not been able to remove it either by doing a full Norton scan, which totally ignored it, or a full Ad-Aware scan, which also ignored it. It then popped up with a fake scan data sheet with all these amazing threats on it, then advised that I should purchase this software immediately or my computer would be useless. I tried refresh as all the desktop icons had vanished, but when it rebooted the icons were only there for a moment before the pop-up reappeared. I was able to access the internet using the icon in the bottom toolbar on my main screen, but 2 seconds after my home page came up a blank red page came up warning that this site was unsafe and blocked me using it or accessing anything else on the net. I then shut down totally a couple of times, reaccessed the net and this time the blank red warning sign was flashing in the advert section of my home page. The fake security page has also blocked me accessing all my documents but not Outlook Express - I can still receive e-mails, but I can't delete it from the control centre - when I tried it just popped up again and said that there were threats. I clicked on the info line on the pop-up to see if it was actually a registered seller of security but the site it went to was a fake picture of a building with no address or business name, just a dummy line saying you needed to pay $59.95 now but no place to go to pay. I'm presuming this is just a nasty bug designed to make computer users' lives interesting. I have now taken my hard drive to a specialist to be de-bugged, which is going to cost $$$.
Hope this story helps others to be wary of so-called personal security icons.


I just wanted to post this quick comment about a malicious email that I received. Norton Anti-spam correctly flagged it as a junk email, but when I selected the email within my junk folder using Norton's "this is spam", the email somehow made an MS message pop up saying that Outlook caused a problem and needed to close the application (OS: Win XP). Every time that I retried to mark it as spam, the same Windows message appeared.

The suspected email is from "HON.PAUL GODSWILL" with a subject line "Your kind attention:Beneficiary,Call me at +2348068401153 or pau..."

Needless to say I DID NOT open the email, nor was it viewed in the "preview panel". I thought I should somehow let Norton (and others) know about this possible phishing email.

Thank you


Hello John

Perhaps I'm a year behind but I've just had an attack of this variety. (Feb 2010) I was directed to a website and various windows opened proposing that I should download something. I would like to know whether it would be useful to provide Norton with the web address to which I was redirected. More generally, how do I report other sorts of virus discoveries?


Hi, John,

Nice Blog.

I have to agree that I have been surprised when some people in the Norton Forums have said that you don't need Anti-Virus Products as "I haven't been Infected in five years of using no Anti-Virus Products". Also in the Forums, some Users do seem to be totally unaware of the Threat the Internet can be without Anti-Virus Products and not having up-to-date Signatures. Some Users really do have to wake up and "smell the cheese" as it were!

Personally, I think Symantec should move away from saying you are okay with two-week-old Virus Definitions and then after that, your system is vulnerable; the same goes for Intrusion Prevention Signatures.
