Drive-by attacks top malware stats
Drive-by attacks are currently the most popular way for cyber-crooks to infect users’ computers.
This is one of the findings from Kaspersky Lab’s latest monthly report on malware activity.
Drive-by attacks are particularly dangerous because they take place without the user’s knowledge and can be initiated from legitimate Web sites that have been hacked by cybercriminals. Visitors to infected sites are redirected to web pages containing script downloaders. Various types of exploits that launch script downloaders are quite often used to download malware to users’ computers.
In February, the majority of drive-by attacks made use of Cascading Style Sheets (CSS) to store some of the data for script downloaders. This new, enhanced method makes it much harder for many antivirus solutions to detect malicious scripts and allows cybercriminals to download exploits without them being detected.
Three entries in the Top 20 most malicious programs detected on the Internet in February corresponded to pages containing CSS data and a malicious script downloader. One of them claimed first place, while the others came in at numbers 13 and 19.
The script downloaders on these malicious web pages download two types of exploits. One of them, which targets the CVE-2010-1885 vulnerability in Microsoft Windows Help and Support Centre, took fourth place in the same Top 20 ranking. On average it was detected on approximately 10 thousand unique computers every day. The second type of exploit targets the CVE-2010-0840 vulnerability in Java Virtual Machine and accounted for three entries (third, seventh and ninth places) in the rating of Internet-borne threats.
February showed that there are still potentially dangerous PDF vulnerabilities out there. The number of unique computers on which PDF exploits were detected exceeded 58 thousand in February. One such PDF exploit entered the Top 20 malicious programs on the Internet in eighth place.
A malicious packer that is used to help protect the Palevo P2P worm was detected on more than 67 000 unique computers throughout the month. This worm was responsible for the creation of the Mariposa botnet that was shut down by Spanish police a while ago. It seems likely that the recent spread of this packed worm is linked to an attempt by cybercriminals to create a new botnet or restore the old one.
February also saw the discovery of a number of new malicious programs for the Android platform. Malware for the J2ME platform was also popular among cybercriminals, with Trojan-SMS.J2ME.Agent.cd, for example, entering the Top 20 most widespread malicious programs on the Internet at number 18. Its main function is to send SMS messages to premium-rate numbers.