Using IronPort SenderBase, Cisco estimated that search engine queries lead to 74 percent of Web malware encounters in 1Q10. Fortunately, two-thirds of those encounters either did not deliver exploit code or were blocked. But that means 35 percent of Web-borne exploits are still reaching browsers, where they try to drop files, steal information, propagate themselves, or await further instructions.
Browser phishing filters, anti-malware engines, and up-to-date patches can play a huge role in defeating malware reaching the desktop. However, to find unguarded vectors and unpatched vulnerabilities, let's look at how today's most prevalent Web malware works.
#10: Last on Cisco's list of 2Q10 encounters is Backdoor.TDSSConf.A. This Trojan belongs to the TDSS family of kernel-mode rootkits, TDSS files are dropped by another Trojan (see Alureon, below). Once installed, TDSS conceals associated files and keys and disables anti-virus programs by using rootkit tactics. Removing TDSS from a PC is difficult; using up-to-date anti-malware to block the file drop is a better bet.
Read the rest at eSecurity Planet.