Drive By Browser Attacks

Whilst it sounds like terminology from a US crime drama, virus attacks known as “drive by browser attacks” are increasingly common. In fact this method is one of the leading means of distributing malware around the web, and these attacks are quite hard to defend against.

What happens in a drive by attack is that website A (the one you happen to visit) becomes compromised (the new word for hacked!). This hacked website then starts redirecting unsuspecting visitors all around the web (there are normally 2 or 3 hops made in quick succession), until you end up at the dreaded “Malware Server” (sounds pretty ominous doesn’t it?), from which you download a virus of some description. Of course all of this takes place without you knowing. As you can probably see, protecting against the attack at this level is really out of your hands, as you are not the first weak link in the chain! What is important to remember is that ANY website can be a potential victim of this type of attack. In fact, organisations such as Amnesty International and the Centre for European Policy Studies have both been responsible for drive by attacks (just to clarify, when I say responsible I don’t mean they started it! I mean those websites were hacked).
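For anyone who keeps web proxy logs, the pattern described above (a few cross-site redirects in quick succession, ending in a download) can be searched for. The following is an added example, not part of the original post; the log format, the `.example` hosts, the 2 second gap and the list of content types are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample proxy log: epoch_seconds client host status redirect_host content_type
SAMPLE_LOG = """\
100.0 10.0.0.5 charity.example 302 ads-cdn.example -
100.4 10.0.0.5 ads-cdn.example 302 tracker.example -
100.9 10.0.0.5 tracker.example 302 dl-host.example -
101.3 10.0.0.5 dl-host.example 200 - application/x-msdownload
200.0 10.0.0.7 news.example 301 www.news.example -
200.2 10.0.0.7 www.news.example 200 - text/html
"""

# Executables plus the plug-in formats the post lists (Flash, Reader, Java); assumed list
RISKY_TYPES = {"application/x-msdownload", "application/octet-stream",
               "application/java-archive", "application/pdf", "application/x-shockwave-flash"}
MAX_GAP = 2.0   # seconds allowed between hops ("quick succession"); assumed threshold
MIN_HOPS = 2    # the post says 2 or 3 hops are typical


def parse(log_text):
    for line in log_text.splitlines():
        ts, client, host, status, target, ctype = line.split()
        yield float(ts), client, host, int(status), target, ctype


def find_redirect_chains(log_text):
    """Return (client, [hosts]) for fast cross-site chains that end in a risky download."""
    by_client = defaultdict(list)
    for rec in sorted(parse(log_text)):          # time order
        by_client[rec[1]].append(rec)
    alerts = []
    for client, recs in by_client.items():
        chain, last_ts, expected = [], None, None
        for ts, _, host, status, target, ctype in recs:
            follows = expected == host and ts - last_ts <= MAX_GAP
            if not follows:
                chain = []                       # unrelated or slow request: start over
            chain.append(host)
            if 300 <= status < 400 and target not in ("-", host):
                expected, last_ts = target, ts   # wait for the request to the next hop
                continue
            if len(chain) - 1 >= MIN_HOPS and ctype in RISKY_TYPES:
                alerts.append((client, chain))
            chain, expected = [], None
    return alerts
```

Legitimate advertising and single sign-on flows also chain redirects, so the thresholds need tuning against your own traffic before alerting on the output.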

“How can I possibly defend against this onslaught?” I hear you cry. Have no fear, all is not lost, and there are a few ways in which you can help yourself. In this modern age of computing, having an anti-virus programme is not enough protection: anti-virus programmes are commonplace these days, and methods exist for would-be attackers to create havoc with your PC even so. A key component of computer security is having an up to date system, because it is out of date software that lets viruses through your anti-virus programme. The 5 programmes to watch out for are:

  • Adobe Flash Player
    • Internet Explorer
      • If you’re using a 64 bit system make sure you update both the 32 bit version and the 64 bit version
    • Other browsers, e.g. Firefox, Chrome, Opera
      • Again you will need to patch both 64 bit and 32 bit versions if using a 64 bit system
  • Adobe Reader
    • You might actually be better off using another PDF reader (Foxit or CutePDF are two examples)
  • Java
    • As with Flash Player, you’ll need to make sure you have both the 32 bit and 64 bit versions of this software up to date if applicable to your system. Unlike Flash Player, you’ll only need one for both IE and the other browsers
  • Windows
    • This is reasonably self-explanatory. However, we see countless systems that lack some really crucial updates. Just set it to automatic and check it weekly and you’ll keep yourself covered; if it’s not working you might be infected
  • Your anti-virus programme
    • Whilst the programme should be doing this automatically, you should manually check that it is up to date. It is a very common feature of more stealthy viruses to disable the update process on AV programmes

So quite a bit to do there, but it will keep you safer on the net. Of course you’ll need to check these things on a weekly basis (in a busy week there can be several updates to be made to all of them) to ensure you have a secure system. What’s important to note is that my little list above is by no means complete; what you will need to update really depends upon what programmes you use. If all that just sounds like too much hard work or hassle then you could leave it up to us. Both our ByteSafe Home and ByteSafe Home Premium packages automatically update software on your computer for you (more specifically, the programmes you have). They also include top notch anti-virus software (that we use), and we’ll even clean any viruses free of charge with our ByteSafe Home Premium Package!

Now finally (the moment I’m sure you’ve all been waiting for!) my top tip. This is a slightly more advanced technique but well worth knowing about if that sort of thing interests you! The idea behind this approach uses virtual machines and virtual applications. In a (very small) nutshell, a virtual machine is like having a computer within a computer, so the virtual machine (the guest) and your real machine (the host) carry out different processes and are separate from each other. By using a virtual machine to browse the net (whilst a little paranoid and slightly on the tin foil hat wearing side of the fence) you massively reduce the damage a virus infection can cause, because if the virtual machine becomes infected you just delete it and start again. If you want to be completely blasé about the whole thing you don’t even need to worry about anti-virus protection for a virtual machine (probably best to use one of the free ones though). It’s worth noting that this doesn’t render you immune; some viruses have been found to break out of these virtual environments. If you want to read a bit more into virtualisation of applications, have a look on Google for Sandboxie; it’s well worth a look.
