MX Logic
Resources Support Contact MX Logic Login
Search
MX Logic Advantage Services Technology Partners News & Events About MX Logic

MX Logic » MX Logic IT Security Blog
21 September 2007

The Power of the Web Borne Threat

We've been talking quite a bit lately about the move from "push" based malware to "pull" based. So I figured it was time to dedicate a full blog posting to it and its significance.

Again, pull based malware is generally web site hosted malware where the user "pulls" the content from the web site by virtue of visiting the site with their web browser.

This type of malware is especially dangerous for a couple of reasons:

-- It evades attachment filtering techniques (since there is no email attachment. The content comes via a web site link) -- The user generally has no idea that the site they visited is malicious -- Hackers can employ technologies like server side polymorphism to repack binaries for every download, thus rendering traditional signature based anti virus engines useless

We are starting to see more and more instances of common web site compromises where users can get infected without any lure (for example the 1st Congressional District GOP of Wisconsin was reported as compromised about a week ago by the same group that brought us the Storm Worm. In general, however these types of infections are still the exception, not the norm.

Speaking of the Storm Worm gang, they have actually created a hybrid between push and pull infections for some of their variants. These will look for a number of unpatched vulnerabilities on a victim's PC when launched and if it can't find any that it is looking for will direct the user to download and install the file manually. Even Vista's UAC system only provides rudimentary protection here. Since applications executed directly by the end user are considered trusted (Vista will ask you if you are sure you want to install the program, but who doesn't just click "Yes" to that prompt?) the user falls on their own sword and infects themselves. Nice, eh?

Typically when a user is being lured to a malicious web site multiple communication mediums are leveraged. Something has to let the user know that the site is available and accessible, right? That lure in many cases comes via email.

There is a distinct crossover between email and web defense solutions such the data collected from one can be used to make the other one more effective, creating a synergistic relationship between the systems. At least for the foreseeable future hackers are going to have to continue to use technologies like email in an attempt to get users infected. During that time having a solution which not only monitors and protects your inbound mail flow but also your outbound web browsing activities provides an effective defense-in-depth solution against malware and fraud.

Categories: Storm Worm Hackers Social Engineering Malware
Posted by smasiello at 2:53 PM | Link | 0 comments
Comments

No comments found.

Post a Comment
Name:   Required
Email:   Required your email address will not be publicly displayed.

Anti-spam key

Type in the text that you see in the above image:

Your comment:

Sorry, no HTML allowed!

Privacy Policy
© MX Logic, Inc.
All Rights Reserved.

MX Logic
9781 S. Meridian Blvd. Suite 400 Englewood, CO 80112
Toll-Free: +1.877.MXLOGIC