Drive-by downloads and fake archives top malware list

Kaspersky Lab experts provide insight into Malware for November 2010

December 6, 2010

By far the biggest threat to users in November was drive-by downloads, attacks that result in malware being downloaded to users’ computers when they visit infected sites.

Below is a brief overview of how these attacks infect computers. First of all, a user visits an infected site that contains a redirect script. The redirect leads to a script downloader, which in turn is used to launch exploits. Successful exploitation allows malicious executable files to penetrate the computer. These files are primarily backdoors and Trojans that, if successfully launched, give cybercriminals full control over the infected system. In most cases, users will not be aware of the danger, as all drive-by attacks happen without their knowledge.

Redirects are not restricted to sites belonging to cybercriminals but also appear on legitimate sites that have been compromised. This means that regularly installing patches and updates for operating systems and software is the only guarantee of avoiding infection.

The Top 20 malicious programs detected on the Internet in November included a total of nine exploits, three redirects and one script downloader that were used for carrying out drive-by downloads.

Another significant threat in November was the spread of fake archives, an online scam that remains as popular as ever. A user is asked to send premium-rate SMSs so they can access the contents of an archive. Instead of receiving the information they wanted, users normally find that the archive is empty, “corrupt” or, worse, contains a malicious program.

The method for spreading fake archives is highly effective – when users look for something via a search engine, a page is automatically generated with a banner offering the desired information.