KIRDA (2009b): "Mitigating Drive-by Download
Attacks: Challenges and Open Problems", unpublished manuscript.
McAfee today released the results of its Mobile Security: McAfee Consumer Trends Report, documenting sophisticated and complex risky apps containing multi-faceted scams, black market crimes, drive-by downloads
and near-field communication threats.
And, the new software, BLADE-short for Block All Drive-By Download
Exploits-is browser-independent and designed to eliminate all drive-by malware installation threats.
This silent, unsolicited download is known as a drive-by download
Enterprise users at risk for this drive-by download
have either the Windows 2000 or XP operating system, or Windows server 2003.
Nine Ball works as users visit one of the infected Web sites and are sent through a chain of redirections to sites owned by the attacker, before landing on the final drive-by download
The attack is a typical drive-by download
, where hackers infect existing Web sites - or set-up their own rogue Web sites - and then redirect or trick users into going to them.
These scans include searching for defacement, database vulnerabilities, application vulnerabilities, and drive-by downloads
Although removable media and local networks are still the primary method for spreading malware in the region, there is an increase in the use of drive-by downloads
which exploit vulnerabilities in browsers and their plugins.
The two main channels by which these threats proliferate remain the Internet and drive-by downloads
Today's smart phones are vulnerable to malicious activity such as phishing, scam websites and even drive-by downloads
where malicious codes such as Trojans can infect the device," he says.
Consumers and businesses would be well advised to consider real-time protection against drive-by downloads
and other infective methods that require no user interaction.
According to the company, online criminals are exploiting vulnerabilities in end users web browsers using drive-by downloads
in order to steal identities, gain access to online accounts and for other illicit revenue-generating activities.
According to the company, the new features of Norton 2008 products include: browser defender, which defends against drive-by downloads
and other new or unknown threats that exploit vulnerabilities in Internet Explorer; Norton Identity Safe, which protects personal information and identity when buying, banking or browsing online (included in Norton Internet Security 2008 only); one-click support; home network feature, which maps connected devices to provide a view of devices on the local network, and within Norton Internet Security 2008 also checks the status of wireless network security; as well as performance enhancements.
There might not be tire treads on a crunched keyboard or wailing sirens in the distance, but drive-by downloads
and identity theft aren't entirely minor events.