
View Full Version : Defeating Drive-by Downloads


davidh
November 4th, 2010, 06:31 PM
Defeating Drive-by Downloads in Windows
Published: 2010-11-03,
Last Updated: 2010-11-04 02:05:47 UTC
by Kevin Liston (Version: 5)
The Problem

Drive-by downloads have been a problem for a number of years now. This avenue of attack has become more popular as attackers have developed more techniques to direct visitors to their exploit websites. The three most common scenarios are: search engine poisoning, malicious forum posts, and malicious Flash ads. These are complex, multi-step attacks that build upon each other to eventually install some sort of malware on the victim's machine. I call this series of steps the "Chain of Compromise" (I've also heard this described as the kill chain). It's our job as the defense to break that chain as early as possible. If we allow it to complete, then we have a real incident on our hands.
Countermeasures

There are a number of system countermeasures that you could use to defeat drive-by attacks. I've got an incomplete list below comparing their average cost to install, both monetarily and as a vague measure of the amount of technical effort required.
http://isc.sans.edu/diary.html?storyid=9880&rss