Wednesday, February 24, 2010

How-to: Reduce Vulnerability to Drive-by Downloads

Is your computer more vulnerable to drive-by downloads than it needs to be? The type of drive-by download I am referring to is malware that is installed from a Web site without any user intervention through the exploitation of a vulnerable software installed on the computer. That is right. Your computer can be infected merely by landing on a Web page performing drive-by downloads.

In Stopping Stealthy Downloads, Brian Krebs provided statistics from Dasient indicating that "in the fourth quarter of 2009, roughly 5.5 million Web pages contained software designed to foist unwanted installs on visitors". Although, as explained by Brian, there is a government-funded research group that is preparing to release a new free tool designed to block drive-by downloads, what can you do until "BLADE" (Block All Drive-By Download Exploits) is available?

I hope Security Garden readers will recognize what they can do to help reduce their vulnerability to drive-by downloads after reviewing the statistics provided in the graphs by BLADE’s evaluation lab.

The first graph illustrates the browser infection rate per drive-by exploit. We can see at a glance that IE6 is far more susceptible to drive-by downloads than other browsers. The surprise, however, and one I was not expecting, is the high numbers for IE7 compared to Firefox 3 and IE8.

Now, dear readers, here is the big surprise. The BLADE lab provided information on the vulnerable applications most targeted in drive-by attacks. Surprise: Adobe and Oracle SunJava far exceed the figures of Internet Explorer.

The lesson from this information is obvious and one members of the security community have been harping at for a long time: Microsoft security updates are only one piece of the puzzle. It is also critical that other software be kept up to date. To reduce the vulnerability to drive-by downloads, use an up-to-date browser and ensure that other vendor software is also up-to-date.

Update/Upgrade your browser:
Adobe Products:

If you use Adobe products, be certain you have the most recent versions. Go to to get the latest versions. Also, if you downloaded either Adobe Reader or Adobe Flash Player for Windows prior to the release of Adobe Security Bulletin APSB10-08, released February 23, 2010, see the instructions here.

Oracle SunJava:

With Java, it is extremely important to check that old, vulnerable installations are no longer resident on your computer. Go to Add or Remove programs and uninstall any item listing J2SE or Java Runtime Environment in the name. Unfortunately, not every version of Java will begin with "Java" so be sure to read each entry in the list. Other versions may begin with JDK, JRE or SDK.

The latest version of Java SE is available from here. Select the JRE version and pay attention when installing the update, unchecking any pre-checked toolbar and/or software options presented with the update. They are not part of the software update and are completely optional.


Graphs from BLADE Malicious URL Analysis

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

No comments: