Drive By Malware: Are You Infecting Your Customers?

Sunday, October 17, 2010

Jason Remillard


Drive By Malware: What do my customers' websites look like to their customers?

Over the past year and a half in our operations, we have found that more and more infections are going around and, perhaps not surprisingly, that customers don't understand the true impact of an infection.

As depicted below, your customers may be presenting an excellent, professional and polished image.

However, as their customers are 'browsing', the scary stuff is happening behind your back and theirs!

The virus attacks their desktop, depositing its nastiness and spreading from there.


This happens for all of the visitors to their site. Sometimes, they will have anti-virus software that detects the malware (which is good for them, bad for you now that they know this about you).

Sometimes the malware is so new, or they don't have AV software running, that the virus slips through and gets installed. And that, folks, is how drive-by malware works.

Simple browsing enables the spread of the infection - regardless of how pretty, fast or unique your site is.

This is why - even when we've cleaned up a site - we already recommend 'regular protection' - in this case regular malware scanning and detection.

The insertion points are wide and varied (could be your code, your server, your ad network or even your own PC). 

Simply put, you don't want to risk your whole business without the insurance and protection of a malware detection system for your customers. 

You're going to want a partnership in place soon, as we are seeing several hosters and niche players going co-brand or private label for this solution to add to their service options.

Anthony M. Freed: They are theorizing that the next generation of malware will be intelligent and apply social engineering tactics. In this way, the malware will simulate a more natural pattern of interaction via social networks so as to avoid detection for a longer period of time, subsequently inflicting more damage before it is recognized and neutralized:
Tom Caldwell: I agree with Anthony and Jason... The more passive malware is being delivered via e-mail and other "social engineering" means, such as the bogus LinkedIn messages and other fake offerings (iPhone/iTunes/Any Popular Topic/etc/etc). These are getting many clicks/.exe's and scripting downloads which then result in an infection, mutation, and further malicious damages of all types!

Traditional signature based anti-malware programs certainly 'help' but no single program or service is resilient or completely comprehensive, nor can it (they) keep up with the large amount of growing signatures. The machine and HUMAN USER must be quarantined off from their own computer...without limiting functionality.

As many have said, the internet will eventually be separated off in good/bad neighborhoods where you are just forced to avoid those "dangerous" areas, be it via technology or system/network policy.