Drive-by attacks are back with a vengeance, warns Kaspersky Lab

15 Mar 2011
Virus News

February saw an exponential increase in the volume of drive-by downloads, according to Kaspersky Lab's Monthly Malware Statistics for February 2011.

These attacks are particularly dangerous because they take place without the user’s knowledge and can be initiated from legitimate websites that have been hacked by cybercriminals. Visitors to infected sites are redirected to web pages containing script downloaders. Various types of exploits that launch script downloaders are quite often used to download malware to users’ computers.

In February, the majority of drive-by attacks made use of Cascading Style Sheets (CSS) to store some of the data for script downloaders. This new, enhanced method makes it much harder for many antivirus solutions to detect malicious scripts and allows cybercriminals to secretly download exploits.

According to Kaspersky Lab statistics, three entries in the top 20 malicious programs detected on the Internet in February corresponded to pages containing CSS data and a malicious script downloader. The script downloaders on these web pages initiate two types of exploits. One of them, which targets the CVE-2010-1885 vulnerability in Microsoft Windows Help and Support Centre, took 4th place in the top 20 ranking. On average it was detected on approximately 10,000 unique computers every day. The second type of exploit uses the CVE-2010-0840 vulnerability in the Java Virtual Machine and accounted for three entries (3rd, 7th and 9th places) in the rating of malware threats.

The February report also highlighted the menace of PDF vulnerabilities. The number of unique computers on which PDF exploits were detected exceeded 58,000 during the last month.

A malicious packer that is used to help protect the Palevo P2P worm was detected on more than 67,000 computers throughout the month. This worm was responsible for the creation of the Mariposa botnet that was successfully shut down by Spanish police.

Kaspersky Lab has also warned about the growing threat of mobile malware after the discovery of a number of new malicious Android programs. Malware for the J2ME platform was also popular among cybercriminals, with Trojan-SMS.J2ME.Agent.cd entering the Top 20 widespread vulnerabilities.

More detailed information about the IT threats detected by Kaspersky Lab on the Internet and on users' computers in February 2011 is available at: www.securelist.com