Spyware Sucks

"There is no magic fairy dust protecting Macs" - Dai Zovi, security researcher and co-author of The Mac Hacker's Handbook.

"The Biblical wisdom “pride comes before a fall” needs to be foremost in the minds of security professionals. There are several aspects to this truth, but it starts with believing it is true. For one, the bad guys are always getting better and trying to get in. They are working harder than ever to defeat whatever you are doing to protect your enterprise. This knowledge alone will change your perspective on your job and when you are “done". What worked today may not work tomorrow. In this light, be careful about the promises you make to others regarding security and the protections you are deploying." - Dan Lohrmann

PATCH YOUR SYSTEMS!!!! Over 1 million myspace.com users infected by an old exploit...

Why don't people patch their machines?? Over one million visitors to various myspace.com pages have been infected via the WMF exploit that was patched back in JANUARY.

myspace_ad_served_adware_to_mo.html

This scares me.. Microsoft can only do so much to protect users from themselves. The use of this exploit has been such an amazing success for the bad guys that you can bet it is going to continue to happen. We can't depend on site owners to spot the bad guys when they try dirty tricks like this.

I see from the article that Webshots was also targeted.. another immensely popular Web site.

The days are gone where we can say that they don't have to worry about patching or antivirus protection because we only go to "safe" sites. These past six months or so have seen Web sites hacked and used to infect visitors, exploits being pushed out via pop-up advertisements and embedded ads and hardware driver updates being infected with viruses.

Basically, any site that shows advertisements, whether it be via pop-up advertisements (unless generated in-house) or embedded advertisements is a potential source of infection, so what do we do?

We can use a protective HOSTS file, such as that available at http://www.mvps.org/winhelp2002/hosts.htm, but the sites that serve up the bad stuff change from day to day. This may not protect you from cutting edge stuff.

We can use antivirus and antispyware, but such products are simply not detecting everything that is out there:
http://msmvps.com/blogs/spywaresucks/archive/2006/07/20/105331.aspx

It is imperative that computers are patched as quickly as possible after a security update is released. The time between an exploit becoming public, and it being used by the bad guys, is getting shorter and shorter.

Update to Internet Explorer 7 to reduce the attack surface available to the bad guys.

Another protective step is to block all advertisements. My firewall, for example, has an "HTML ad string blocking" option. If you don't see the banner ads, they can't infect you.

Use a pop-up blocker for the same reason.

To give you an idea of how widespread this problem is becoming, remembering that I hear about only a tiny portion of the attacks that are happening out there, here are some historical entries warning of various compromised sites and downloads...

Circuitcity:
http://msmvps.com/blogs/spywaresucks/archive/2006/06/02/98941.aspx

spreadfirefox:
http://msmvps.com/blogs/spywaresucks/archive/2005/07/24/59438.aspx

Capital City Bank, Wakulla Bank and Premier Bank
http://msmvps.com/blogs/spywaresucks/archive/2006/03/30/88498.aspx

Myspace again:
http://msmvps.com/blogs/spywaresucks/archive/2006/07/18/105039.aspx

Msblog:
http://www.msblog.org/?p=921

Debian:
http://msmvps.com/blogs/spywaresucks/archive/2006/07/13/104655.aspx

Messenger Plus! sponsor advertising sponsors serving malware:
http://msmvps.com/blogs/spywaresucks/archive/2006/06/30/103407.aspx

HP files infected with virus:
http://msmvps.com/blogs/spywaresucks/archive/2006/06/02/98682.aspx

Published Sat, Jul 22 2006 3:56 by sandi

Filed under: Security, safety and privacy on the Internet, Vulnerabilities, viruses and exploits