Now hackers are infecting computers via drive-by downloads
, which don't require a user even to click a link or download an email attachment to let a bug in.
KIRDA (2009b): "Mitigating Drive-by Download
Attacks: Challenges and Open Problems", unpublished manuscript.
McAfee today released the results of its Mobile Security: McAfee Consumer Trends Report, documenting sophisticated and complex risky apps containing multi-faceted scams, black market crimes, drive-by downloads
and near-field communication threats.
victimize users by quietly scraping their machine for any usable personal information, leading to financial fraud and any number of other possibilities.
And, the new software, BLADE-short for Block All Drive-By Download
Exploits-is browser-independent and designed to eliminate all drive-by malware installation threats.
EoACA[pounds sterling]Exploiting thisEoACAolikely through a drive-by download
attackEoACAowould give an attacker near system-level privileges.
If anything, there are probably more "lures" of all types being generated, but with the destination being an exploit site with a drive-by download
that infects users directly with malware, rather than a phishing site that attempts to steal credentials via social engineering.
The style of attack is known as a drive-by download
and is common on the desktop: When someone visits a hacked website, malware can transparently infect the computer if it doesn't have up-to-date patches.
A drive-by download
This silent, unsolicited download is known as a drive-by download
Enterprise users at risk for this drive-by download
have either the Windows 2000 or XP operating system, or Windows server 2003.
Nine Ball works as users visit one of the infected Web sites and are sent through a chain of redirections to sites owned by the attacker, before landing on the final drive-by download