
Stopping Stealthy Downloads

A new tool blocks files that try to install without alerting the user.

  • Monday, February 22, 2010
  • By Brian Krebs

Researchers at SRI International and Georgia Tech are preparing to release a free tool to stop "drive-by" downloads: Internet attacks in which the mere act of visiting a Web site results in the surreptitious installation of malicious software. The new tool, called BLADE (Block All Drive-By Download Exploits), stops downloads that are initiated without the user's consent.

"When your browser is presented with an [executable file] for download, it's supposed to prompt you for what to do," said Phil Porras, SRI's program director. But software can also be pushed onto an unsuspecting user's computer without ever asking for permission.
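The consent-correlation rule Porras describes, as an added example in Python. This is a toy model written for this page, not BLADE's code: it assumes a constructed event stream (download-prompt consent events and file-write events from one browser process, with timestamps), a 30-second freshness window, and a one-consent-per-write policy. None of those details come from the article; they are assumptions chosen to make the rule concrete.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Assumption for this model: a consent prompt authorizes exactly one write of
# the path it named, and only if the write lands within this many seconds.
CONSENT_WINDOW_SECONDS = 30.0


@dataclass(frozen=True)
class Event:
    ts: float   # seconds on a constructed timeline
    kind: str   # "consent": user clicked Save/Run in a download prompt
                # "write":   the browser process wrote a file to disk
    pid: int    # browser process id
    path: str   # path named in the prompt, or path written


def correlate(events: List[Event]) -> Tuple[List[str], List[str]]:
    """Split browser file writes into released (user-consented) and
    quarantined (unconsented) paths.

    A write is released only if the same process earlier raised a prompt
    for the same path and that consent is still fresh. Everything else the
    browser drops on disk is treated as a drive-by payload and kept in a
    non-executable quarantine zone.
    """
    pending: Dict[Tuple[int, str], float] = {}   # (pid, path) -> consent time
    released: List[str] = []
    quarantined: List[str] = []
    for ev in sorted(events, key=lambda e: e.ts):
        key = (ev.pid, ev.path)
        if ev.kind == "consent":
            pending[key] = ev.ts                  # newer consent supersedes older
        elif ev.kind == "write":
            granted = pending.pop(key, None)      # consent is single-use
            if granted is not None and 0.0 <= ev.ts - granted <= CONSENT_WINDOW_SECONDS:
                released.append(ev.path)
            else:
                quarantined.append(ev.path)       # no prompt, stale prompt, or reused prompt
        else:
            raise ValueError(f"unknown event kind: {ev.kind!r}")
    return released, quarantined


# Constructed sample timeline (not real telemetry) covering the cases that matter:
SAMPLE_EVENTS = [
    Event(10.0,  "consent", 4242, r"C:\Users\alice\Downloads\report.pdf"),
    Event(12.5,  "write",   4242, r"C:\Users\alice\Downloads\report.pdf"),      # prompted: release
    Event(40.0,  "write",   4242, r"C:\Users\alice\AppData\Local\Temp\a.exe"),  # never prompted: drive-by
    Event(45.0,  "write",   4242, r"C:\Users\alice\Downloads\report.pdf"),      # consent already used up
    Event(100.0, "consent", 4242, r"C:\Users\alice\Downloads\setup.exe"),
    Event(200.0, "write",   4242, r"C:\Users\alice\Downloads\setup.exe"),       # consent too old
]


def classify_sample() -> Tuple[List[str], List[str]]:
    """Run the rule over the constructed sample and return (released, quarantined)."""
    return correlate(SAMPLE_EVENTS)


if __name__ == "__main__":
    rel, quar = classify_sample()
    print("released:", rel)
    print("quarantined:", quar)
```

The interesting property is in the negative cases: a write that arrives with no matching prompt, a second write that tries to reuse an already-consumed consent, and a write that lands long after the user clicked are all quarantined, while a real "save this file" click releases exactly one file. A production implementation would additionally have to match the prompt's path to the path the browser actually writes (browsers rename and use temporary files), which this model sidesteps by requiring an exact match.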

In the fourth quarter of 2009, roughly 5.5 million Web pages contained software designed to foist unwanted installs on visitors, according to Dasient, a firm that helps protect websites from Web-based malware attacks. Such drive-by downloads target computers that are not up-to-date with the latest security patches for common Web browser vulnerabilities, or are missing security updates for key browser plug-ins, such as Adobe's PDF Reader and Flash Player. Attackers use software called exploit packs, which probe the visitor's browser for known security holes and serve an exploit matching whatever unpatched component they find.

The research group has been putting BLADE through the paces since January, exposing a few virtual desktops equipped with the software to new exploit sites identified each day by security experts. Each malicious URL is tested against multiple software configurations covering different browser versions and common plug-ins.


So far, Porras said, BLADE has blocked all of the more than 5,150 malicious programs foisted by some 1,205 unique drive-by URLs tested. During the test period, Adobe's PDF Reader was by far the most-targeted browser plug-in, accounting for more than half of the applications targeted by drive-by exploits. Sun Microsystems's Java platform attracted nearly one quarter of all drive-by attacks, while the bulk of remaining exploits targeted vulnerabilities in Adobe Flash and Internet Explorer.

Robert Hansen, chief executive of the Austin, TX-based security firm SecTheory, said BLADE's approach appears unique, and that it may be effective at stopping drive-by downloads in the short run. That is, he said, until the technique is widely incorporated into commercial products. "Tools like this are great; they're another layer of protection, but they certainly aren't a panacea," Hansen said.

Comments

DigitalFoobar, 02/22/2010

UAC

The funny thing is that this functionality is already built into MS Vista and Windows 7 as User Account Control, which they can enable or disable whenever they want.

What is more funny is that users complain because they have to hit one more button, which might take about 0.10 seconds, in order to better protect them.

infosec_pro, 03/01/2010

Re: UAC

For those who are not in a position to immediately upgrade their base platforms, UAC is useless.

lasertekk, 02/23/2010

Ditto Mac OS

Nothing self-loads or executes in OS X, I believe. A command-level code, or whatever they call it, is required.

jrg, 03/02/2010

Re: Ditto Mac OS

Alas, not always true.

Safari (the Mac OS X default web browser) will, by default, automatically process some downloads. So it could still be possible to be affected by PDF bugs, or auto-executing disk images, etc.

'"Safe" files include movies, pictures, sounds, PDF and text documents, and disk images and other archives.'

Uncheck the "Open 'Safe' files after downloading" option, in Safari's General preferences, to turn that off.
