Preventative Measures for Drive-by Malware

Monday, October 12, 2009

Ron Lepofsky

My last blog discussed the financial motivation for creating malware.  This article identifies preventative measures that both end users and web site managers can implement to protect all concerned from the dangers of drive-by malware.

As a brief reminder, drive-by malware is:

A download which the user indirectly authorized by clicking on a link or by being redirected to a misleading link, but without understanding the consequences. For instance, the user could be installing an unknown ActiveX component or Java applet. Alternatively, any of this can happen without the user even knowing about it.

The damage occurs when the download contains spyware, a computer virus or any other kind of malware. Malware can also be downloaded through exploitation of a web browser, e-mail client or operating system bug, without any user intervention whatsoever. Websites that exploit the Windows Metafile vulnerability may provide examples of “drive-by downloads” of this sort.

Common occurrences of drive-by downloads happen when a user:

- Visits a website.
- Views an e-mail message.
- Clicks on a deceptive popup window believing, for instance, that it is a bona fide message, when in fact they have just initiated a malicious software download.

Mitigation Steps Recommended for the End User

In order of simple to more complex:

- Do not store unencrypted personal information on a workstation.
- Use strong passwords for encryption, for access to the workstation, and for any services or devices to which the workstation grants access.
- Do not use the same password for multiple devices or services.
- Change passwords regularly.
- Do not open email from unknown senders.
- Never click on attachments or links embedded within emails, even when the emails are from friends. A friend may forward an attachment or link that, unknown to them, is infected with malware.
- Do not visit unknown web sites that could be potentially dangerous. If in doubt about the legitimacy of a web site, check whether it appears on any of the published blacklists of malicious web sites.
- Do not assume that the web site of a small organization is less prone to malware. The trend is for criminals to install malware even on small and medium-sized sites.
- Verify the certificates of web sites on which the user will be divulging confidential information and/or performing a financial transaction. Where possible, I recommend doing the transaction by telephone, unless the end user is highly confident in the identity and reputation of the web site.
- Install an anti-malware package on each workstation.
- Use a browser with anti-malware features.
- Judiciously apply security patches to:
  - Anti-malware software.
  - Anti-malware features of the browser.
  - Operating system software.
  - All other application software.
- At the very least, install a personal firewall in front of any Internet-facing workstation.

My Next Blog Article

Next week I will identify some of the technical vectors used to install malware on web sites and the preventative and restorative steps web site owners can implement.

Have a secure week.


Ron Lepofsky,

ERE Information Security Auditors.

The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.