10 Dangerous Web Malware Threats

Criminals are using SEO and social engineering to attract more targeted victims to fewer URLs.


You Can't Detect What You Can't See: Illuminating the Entire Kill Chain

On-Demand Webinar

Posted August 16, 2010

Lisa Phifer

Lisa Phifer

Websites that spread malware may be leveling off, but Web-borne malware encounters are still growing. According to a 2Q10 Global Threat Report published by Cisco, criminals are using search engine optimization and social engineering to become more efficient, luring more targeted victims to fewer URLs.

Using IronPort SenderBase, Cisco estimated that search engine queries lead to 74 percent of Web malware encounters in 1Q10. Fortunately, two-thirds of those encounters either did not deliver exploit code or were blocked. But that means 35 percent of Web-borne exploits are still reaching browsers, where they try to drop files, steal information, propagate themselves, or await further instructions.

Browser phishing filters, anti-malware engines, and up-to-date patches can play a huge role in defeating malware reaching the desktop. However, to find unguarded vectors and unpatched vulnerabilities, let's look at how today's most prevalent Web malware works.

#10: Last on Cisco's list of 2Q10 encounters is Backdoor.TDSSConf.A. This Trojan belongs to the TDSS family of kernel-mode rootkits, TDSS files are dropped by another Trojan (see Alureon, below). Once installed, TDSS conceals associated files and keys and disables anti-virus programs by using rootkit tactics. Removing TDSS from a PC is difficult; using up-to-date anti-malware to block the file drop is a better bet.

#9: Ninth place goes to an oldie but goodie, Mal/Iframe-F. Many variants use this popular technique: inserting an invisible HTML <iframe> tag into an otherwise legitimate Web page to surreptitiously redirect visitors to other Websites. Hidden iframes may elude detection by the human eye, but Web content scanners can spot them and Web URL filters can block redirects to blacklisted sites.

#8: In a dead heat with Iframe-F is JS.Redirector.BD, a JavaScript Trojan that also redirects users to Websites they had not intended to visit. Like some other members of the large JS.Redirector family, this Trojan tries to evade blacklist filters by using obfuscation techniques like dynamically-generated target URLs.

Read the rest at eSecurity Planet.

Tags: security, security best practices, cybersecurity, malware, security breach

0 Comments (click to add your comment)
Comment and Contribute


(Maximum characters: 1200). You have characters left.



IT Management Daily
Don't miss an article. Subscribe to our newsletter below.

By submitting your information, you agree that datamation.com may send you Datamation offers via email, phone and text message, as well as email offers about other products and services that Datamation believes may be of interest to you. Datamation will process your information in accordance with the Quinstreet Privacy Policy.