Drive-by downloads are caused by URLs that attempt to exploit their visitors and cause malware to be installed and run automatically. Our analysis of billions of URLs over a 10 month period shows that a non-trivial amount, of over 3 million malicious URLs, initiate drive-by downloads. An even more troubling finding is that approximately 1.3% of the incoming search queries to Google’s search engine returned at least one URL labeled as malicious in the results page.
Some drive-by downloads are delivered through displayed banner ads:
Today, the majority of Web advertisements are distributed in the form of third party content to the advertising web site. This practice is somewhat worrisome, as a web page is only as secure as its weakest component. In particular, even if the web page itself does not contain any exploits, insecure Ad content poses a risk to advertising web sites.
The distribution paths of the malware can be very multi-layered:
Antivirus programs provide only inadequate protection against drive-by downloads:
The graph reveals that the detection capability of the anti-virus engines is lacking, with an average detection rate of 70% for the best engine. These results are disturbing as they show that even the best anti-virus engines in the market (armed with their latest definitions) fail to cover a significant fraction of web malware.
So what can you do to protect yourself? As mentioned recently in the post about WoW trojans, you should stop browsing with Internet Explorer and use Firefox instead, together with the NoScript and Adblock Plus extensions.