Back before most of your smartphones were born, people used to install their own malware. This mostly happened by opening email attachments disguised to hide that they were malware. While this method is seeing a bit of a renaissance with some savvier delivery methods, people are far more aware that clicking on attachments they weren’t expecting could unleash a digital nightmare.
Online crooks have adapted. They’ve figured out ways to avoid user precautions and install their malware for you…
Meet the drive-by download.
1. F-Secure Labs has seen this sort of attack for more than half a decade.
“The criminals’ new preferred way of spreading malware is via drive-by downloads on the Web,” Mikko Hypponen wrote in March of 2008. “These attacks often still start with an e-mail spam run but the attachment in the e-mail has been replaced by a web link, which takes you to the malicious web site.”
By simply clicking on an email, a website or a pop-up window, you could be inviting rogue software in. If you hear a major site was serving up malware through bad ads, chances are a drive-by download was involved.
It’s been used to get PCs “stoned”, has evolved into a mobile threat and was the method used to spread the largest Mac threat ever — Flashback. It’s even utilized by the FinFisher attack tools marketed for use by governments and law enforcement.
2. It takes a village (or at least an infrastructure) to make it work.
“The threat is an ecosystem – there are lots of players,” Security Advisor Sean Sullivan explained. “For example, the bank robber somehow buys a list of email addresses and would then hire a spammer who spams, and the spam links to the hired exploit kit vendor who drops a trojan-downloader (which was bought from some other vendor), and then the trojan-downloader downloads and installs the bank robber’s trojan (which is also likely based on a kit, such as ZeuS).”
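As an added illustration (not code from the original post or from F-Secure), here is a detection heuristic that looks for that chain in web-proxy logs: a landing page, followed by plugin content of the kind exploit kits target and referred by that page, followed by an executable download, all from one client within a minute. The log format, the content-type lists, the one-minute window and the sample lines are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed proxy log (not from the original post): time client url content-type referer
SAMPLE_LOG = """\
2013-05-01T09:00:01 10.0.0.5 http://mail.example.net/inbox text/html -
2013-05-01T09:00:07 10.0.0.5 http://promo.example.org/offer.html text/html http://mail.example.net/inbox
2013-05-01T09:00:08 10.0.0.5 http://cdn.example.org/kit/ld.jar application/java-archive http://promo.example.org/offer.html
2013-05-01T09:00:11 10.0.0.5 http://cdn.example.org/kit/dl.exe application/x-msdownload -
2013-05-01T09:05:00 10.0.0.9 http://news.example.com/ text/html -
2013-05-01T09:05:02 10.0.0.9 http://news.example.com/ad.swf application/x-shockwave-flash http://news.example.com/
"""

# The three hops the post describes: landing page, plugin content an exploit
# kit would target, then the dropped trojan-downloader binary (assumed types).
LANDING = {"text/html"}
PLUGIN = {"application/java-archive", "application/pdf", "application/x-shockwave-flash"}
DROPPER = {"application/x-msdownload", "application/octet-stream"}
WINDOW_SECONDS = 60  # assumption: the whole chain completes within a minute


def parse_log(text):
    events = []
    for line in text.splitlines():
        ts, client, url, ctype, referer = line.split()
        events.append((datetime.fromisoformat(ts), client, url, ctype, referer))
    return sorted(events)


def find_chains(events):
    # Returns {client: [landing_url, plugin_url, dropper_url]} for each client
    # whose requests form the chain in order inside WINDOW_SECONDS.
    by_client = defaultdict(list)
    for ev in events:
        by_client[ev[1]].append(ev)
    hits = {}
    for client, evs in by_client.items():
        for i, (t0, _, landing, ctype, _) in enumerate(evs):
            if ctype not in LANDING or client in hits:
                continue
            chain = [landing]
            for t, _, url, ct, referer in evs[i + 1:]:
                if (t - t0).total_seconds() > WINDOW_SECONDS:
                    break
                # plugin payload must be referred by the landing page; the dropper
                # fetch often carries no referer, so only its content type counts
                if len(chain) == 1 and ct in PLUGIN and referer == landing:
                    chain.append(url)
                elif len(chain) == 2 and ct in DROPPER:
                    chain.append(url)
                    hits[client] = chain
                    break
    return hits
```

On the sample log only 10.0.0.5 is flagged; the Flash ad fetched by 10.0.0.9 is not, because no executable download follows it.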
3. It may be smarter than your anti-virus.
This threat is engineered to get around your security software and any security training that you have. Keeping all your software updated all the time is a necessary precaution, but these attacks tend to use exploit kits that bundle exploits for many different vulnerabilities at once.
Make sure your security software uses multiple methods to protect against both known and unknown threats.
Timo Hirvonen — keeper of F-Secure’s nearly mystical Deepguard — told me, “It’s a prime example of a threat where all our protection layers contribute to protecting the user.”
July 26, 2017