Do you know that there's a new computer virus variant being written or generated approximately every 15 seconds? As Internet users increase, the Web attack vector continues to grow. The list of top ten cyber threats has actually remained relatively consistent over the past 12 months or so, which shows that these methods are tried and tested and, as far as the malware author is concerned, they work.
The top three cyber threats are:
• Website attacks that exploit browser vulnerabilities
• Rogue AV
• SQL Injection
Browser vulnerabilities continue to plague unsuspecting users. These exploits may have been around for quite some time but they continue to pose a very current threat as new vulnerabilities are found and old vulnerabilities are not patched.
The technique is to hide a piece of malicious code on a web site that takes advantage of an existing software flaw in a web browser, causing the browser to do something it should not. JavaScript, ActiveX controls and the like are usually embedded in Web pages to provide a richer, more interactive experience, but they can also be used by malicious authors for not-so-wonderful purposes such as surreptitiously installing software on your machine or allowing a hacker to take control of it.
Legitimate sites have been compromised so that they lead to a handful of payload sites hosting exploit code that targets msvidctl.dll, an ActiveX control for streaming video. Thousands of infected sites have been identified, pointing to a few dozen sites that host the exploits. It's not just Microsoft Internet Explorer that is the target of browser exploits: Opera version 9.5.1 enabled attackers to steal arbitrary samples of data in memory from desktops through specially crafted JavaScript code, while recent vulnerabilities in Firefox gave attackers additional opportunities for spoofing by exploiting alternate names on self-signed certificates.
Rogue antivirus threats are particularly cheeky, as they feed anxiety over security while pretending to be your friend. Rogue AV is a malicious product posing as security software. It reports infections on your machine when there are none, and if you follow its advice to "clean" your computer, you frequently end up actually paying for it to install malware onto your machine.
Rogue AV can be peddled in the most surprising places. With no user interaction, a file is installed in the user's temporary files folder, two additional files are dropped onto the user's machine and bound to startup, and the hosts file is modified so that if the user tries to browse to popular software download sites to remedy the infected machine, they are instead directed to a malicious Web site offering further rogue AV downloads. If the user chooses to register the rogue AV, a connection is made to a site that has been set up to collect payment details.
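The hosts-file tampering described above is easy to check for, because a clean hosts file pins names to loopback addresses and almost nothing else. The script below is an added example written for this article, not code from the original post or from any vendor: it parses a hosts file, skips the loopback pins, and flags any entry that redirects a watched domain elsewhere. The sample file, the 198.51.100.7 address and the example-* domain names are constructed placeholders; on a real machine you would point it at the actual hosts file and list your own AV vendors' and download sites.

```python
import ipaddress

# Constructed sample of a tampered hosts file (not taken from any real infection).
# The three 198.51.100.7 lines stand in for entries a rogue AV installer appended.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
10.0.0.5        intranet.corp.example   # legitimate internal pin
198.51.100.7    download.example-av-vendor.com
198.51.100.7    www.example-av-vendor.com
198.51.100.7    updates.example-download-site.com
"""

# Domains worth watching for hijacks (hypothetical placeholders; in practice use
# your AV vendors' sites and the major software download sites).
WATCHED_DOMAINS = {"example-av-vendor.com", "example-download-site.com"}


def parse_hosts(text):
    """Yield (address, hostname) pairs, ignoring comments and blank lines."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        for name in fields[1:]:
            yield fields[0], name.lower()


def _is_watched(name, watched):
    return any(name == d or name.endswith("." + d) for d in watched)


def find_redirects(text, watched=WATCHED_DOMAINS):
    """Return (address, hostname, reason) for every entry that does not pin a name to loopback."""
    findings = []
    for addr_text, name in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(addr_text)
        except ValueError:
            findings.append((addr_text, name, "unparseable address"))
            continue
        if addr.is_loopback:
            continue  # 127.0.0.1 / ::1 pins are the normal contents of a hosts file
        if _is_watched(name, watched):
            findings.append((addr_text, name, "watched site redirected"))
        else:
            findings.append((addr_text, name, "non-loopback entry, review manually"))
    return findings


def scan_file(path, watched=WATCHED_DOMAINS):
    """Run the same check over a real hosts file, e.g. C:\\Windows\\System32\\drivers\\etc\\hosts."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return find_redirects(fh.read(), watched)


if __name__ == "__main__":
    for addr, name, reason in find_redirects(SAMPLE_HOSTS):
        print(f"{reason:36} {name} -> {addr}")
```

Loopback pins are deliberately ignored rather than whitelisted by name, so the check does not need to know what a given machine legitimately blocks; everything else gets a reason string so a legitimate internal pin can be told apart from a hijacked vendor domain at a glance.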
SQL injection is similar to the browser exploit in that it relies on existing software flaws, but this time the security vulnerability is in the database layer of an application. It can occur whenever one scripting language is embedded inside another: malicious code is injected into a program, changing the expected course of execution. Hackers search for Web sites vulnerable to SQL injection attacks, break into sites that prospective victims visit, and plant a small, obfuscated code snippet so that its true intention is not obvious. This code pulls more of itself from another web site set up in advance by the attackers; only a small stub is placed at first, so that it easily goes unnoticed.
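The flaw behind SQL injection is that untrusted input becomes part of the SQL text instead of being passed as data. The snippet below is an added example, not code from the original article: a tiny in-memory SQLite page store (constructed for the demo) with a vulnerable lookup next to its parameterized fix. The table, the slugs and the probe input are all assumptions made for illustration.

```python
import sqlite3


def make_db():
    """Constructed in-memory table standing in for a CMS's page store."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE pages (id INTEGER PRIMARY KEY, slug TEXT, body TEXT)")
    conn.executemany(
        "INSERT INTO pages (slug, body) VALUES (?, ?)",
        [("home", "<p>Welcome</p>"), ("about", "<p>About us</p>")],
    )
    conn.commit()
    return conn


def lookup_vulnerable(conn, slug):
    """The flaw: the request parameter is spliced into the SQL *text*, so a quote
    in the input closes the string literal and the remainder is parsed as SQL."""
    sql = "SELECT body FROM pages WHERE slug = '" + slug + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_parameterized(conn, slug):
    """The fix: the SQL text is constant; the driver binds slug as a value, so
    whatever it contains is compared as data and never parsed as SQL."""
    sql = "SELECT body FROM pages WHERE slug = ?"
    return [row[0] for row in conn.execute(sql, (slug,))]


if __name__ == "__main__":
    conn = make_db()
    probe = "x' OR '1'='1"  # constructed input containing a quote that escapes the literal
    print("vulnerable:    ", lookup_vulnerable(conn, probe))      # every page comes back
    print("parameterized: ", lookup_parameterized(conn, probe))  # nothing matches
```

The same probe returns the whole table from the concatenated query and nothing from the bound one, which is the whole point: with a bound parameter there is no string the user can send that changes the shape of the statement, so the code-review check is simply "does any request value ever end up inside the SQL string?"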
When an unsuspecting victim visits the compromised web site, the victim's computer silently pulls exploit code from the malicious server set up by the attackers and attempts to execute it. The malicious JavaScript typically attempts to exploit multiple bugs in various applications on the victim's machine, such as Adobe PDF, Adobe Flash, and even operating system bugs (such as unpatched vulnerabilities in Microsoft Windows). With the Trojan now happily residing on the victim's machine, the attacker is free to pilfer juicy PayPal, eBay, Facebook/MySpace, Web email, and banking passwords from the victim. What a nice recurring revenue stream!
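Both the compromised legitimate sites pointing at payload servers (the msvidctl.dll campaign above) and the obfuscated stub planted through SQL injection leave the same trace in the served HTML: a script or frame that loads active content from a host the site never used, or a frame sized to be invisible. The scanner below is an added example written for this article, not code from the original post: it walks a page with Python's standard HTML parser and flags off-site scripts, hidden or off-site iframes, and inline scripts that combine eval with unescape or fromCharCode. The sample page, the allowed-host list and the .invalid hostnames are constructed placeholders; a site owner would run it against their own pages with their own CDN hosts whitelisted.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed page: a legitimate site with three injected pieces near </body>.
# The .invalid hosts and the hex string are placeholders, not real indicators.
SAMPLE_HTML = """<html><head><title>Widgets Inc</title>
<script src="/static/site.js"></script>
<script src="https://cdn.example-cdn.net/jquery.min.js"></script>
</head><body><h1>Welcome to Widgets Inc</h1>
<iframe src="https://payload.example.invalid/in.php" width="0" height="0"></iframe>
<script>eval(unescape("%64%6f%63%75%6d%65%6e%74"))</script>
<script src="http://stats.example.invalid/s.js"></script>
</body></html>"""

# Hosts this site legitimately loads active content from (assumption for the sample).
ALLOWED_HOSTS = {"www.widgets.example", "cdn.example-cdn.net"}


class InjectScanner(HTMLParser):
    """Collects (kind, detail) findings while the parser walks the page."""

    def __init__(self, allowed_hosts):
        super().__init__()
        self.allowed = {h.lower() for h in allowed_hosts}
        self.findings = []
        self._script_text = None  # list while inside <script>, otherwise None

    def _same_site(self, src):
        host = urlparse(src).hostname  # None for relative URLs, i.e. same site
        return host is None or host.lower() in self.allowed

    @staticmethod
    def _looks_hidden(attrs):
        style = (attrs.get("style") or "").replace(" ", "").lower()
        tiny = {"0", "1", "0px", "1px"}
        return (attrs.get("width") in tiny or attrs.get("height") in tiny
                or "display:none" in style or "visibility:hidden" in style)

    def handle_starttag(self, tag, attrs):
        a = {k.lower(): v for k, v in attrs}
        if tag == "script":
            self._script_text = []
            src = a.get("src")
            if src and not self._same_site(src):
                self.findings.append(("offsite-script", src))
        elif tag == "iframe":
            src = a.get("src") or ""
            if self._looks_hidden(a):
                self.findings.append(("hidden-iframe", src))
            elif src and not self._same_site(src):
                self.findings.append(("offsite-iframe", src))

    def handle_data(self, data):
        # HTMLParser hands <script> bodies through here as raw text.
        if self._script_text is not None:
            self._script_text.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._script_text is not None:
            body = "".join(self._script_text)
            self._script_text = None
            if "eval(" in body and ("unescape(" in body or "fromCharCode" in body):
                self.findings.append(("obfuscated-inline-script", body[:60]))


def scan_html(html, allowed_hosts):
    """Return the scanner's findings for one page, in document order."""
    scanner = InjectScanner(allowed_hosts)
    scanner.feed(html)
    scanner.close()
    return scanner.findings


if __name__ == "__main__":
    for kind, detail in scan_html(SAMPLE_HTML, ALLOWED_HOSTS):
        print(f"{kind:26} {detail}")
```

The whitelist of hosts is what makes this practical: a site's legitimate off-site includes change rarely, so anything not on the list is worth a look, while the hidden-iframe and eval-plus-decoder rules catch the two shapes the article describes even when the payload host is brand new.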