Malware & Malpractise Revealed

The Register (technology news website) last year quoted a research report from the University of Washington, that revealed 1 in 20 files offered for download in a 5 month data sampling span contained sufficient number of malware. These covertly installed programs pose a real threat to surfers now and browser manufacturers have also started designing updates to stop this threat.

However, the study undertaken by Google researchers brought the issue of Drive-by downloads into limelight. Result shows that around 450,000 URLs actively involved in this malpractice. The study analyzed contents of billions of URLs and studied 4.5 million pages in-depth to reach the confirmed figure of sites, successfully launching malware binaries and a further 700,000 URLs were identified with similar threat but with a lesser probability.

The research talks about several Microsoft-technology related exploits such as Microsoft VM flaw, a vulnerability in Microsoft’s Data Access Components that allows arbitrary code execution and WebViewFolderlcon vulnerability. The research paper available over the Web shows actual code, snippets of code, obfuscation and argues that third party items over web pages are mostly responsible for introducing Drive-by downloads on websites. Say, a visitor tracking counters may turn malicious or advertising companies that fetch ads from a hierarchy of ad providers may start churning up bad content. In such conditions, an ad company down the chain may be pushing an auto-download up in a sub-syndicated JavaScript jump over to another JavaScript scenario.

The ideal solution to remove Drive-by downloads phenomenon is to scan the whole of web. But since it is not possible in near future, the solution is to keep the guards high and use common sense and obviously, avoid visiting too-good-to-be-true type of websites!’

Leave a Reply