Author Topic: BLADE: Hacking Away at Drive-By Downloads  (Read 3176 times)

Offline FreewheelinFrank

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 4872
  • I'm a GNU
    • Don't Surf in the Nude!
BLADE: Hacking Away at Drive-By Downloads
« on: February 23, 2010, 07:07:32 AM »
Quote
The online version of Technology Review today carries a story I wrote about a government funded research group that is preparing to release a new free tool designed to block “drive-by downloads,” attacks in which the mere act of visiting a hacked or malicious Web site results in the installation of an unwanted program, usually without the visitor’s consent or knowledge.

The story delves into greater detail about the as yet unreleased software, called “BLADE,” (short for Block All Drive-By Download Exploits). That piece, which explores some of the unique approaches and limitations of this tool, is available at this link here.

As I note in the story, nearly all of the sites that foist these drive-by attacks have been retrofitted with what are known as “exploit packs,” or software kits designed to probe the visitor’s browser for known security vulnerabilities. Last month, I shared with readers a peek inside the Web administration panel for the Eleonore exploit pack — one of the most popular at the moment.

The BLADE research group has been running their virtual test machines through sites infected with Eleonore and a variety of other exploit packs, and their findings reinforce the point I was trying to make with that blog post: That attackers increasingly care less about the browser you’re using; rather, their attacks tend to focus on the outdated plugins you may have installed.

http://www.krebsonsecurity.com/2010/02/blade-hacking-away-at-drive-by-downloads/#more-1012
     Bambleweeny 57 sub-meson brain     Don't Surf in the Nude Blog

Offline mkis

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1618
Re: BLADE: Hacking Away at Drive-By Downloads
« Reply #1 on: February 23, 2010, 07:16:24 AM »
Quote
That attackers increasingly care less about the browser you’re using; rather, their attacks tend to focus on the outdated plugins you may have installed.

Makes perfect sense. Great post.
Avast7 Free, MBAM (on demand), MVPS Hosts

Intel DG41TY, Windows 7 Ultimate, IE9, Google Chrome, 4 GB ram, Secunia PSI, ccleaner, Foxit Reader, Faststone Image viewer, MWSnap.

CharleyO

  • Guest
Re: BLADE: Hacking Away at Drive-By Downloads
« Reply #2 on: February 24, 2010, 09:28:43 AM »
***

+ 1 ... thanks for the info, Frank.   :)


***

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: BLADE: Hacking Away at Drive-By Downloads
« Reply #3 on: February 24, 2010, 08:34:24 PM »
Hi FwF and CharleyO,

But Blade still has compatibility problems with other software, according to RSnake:
http://www.technologyreview.com/computing/24632/?a=f
How useful is a tool like this? Security researcher Robert 'RSnake' Hansen goes on: "This might work perfectly in a VM laboratory situation, but it is quite something different to try it out in a user machine environment," says Hansen. In his opinion, it could well be that BLADE ruins the functionality of legit applications. Sunbelt Software's Eric Howes also warns of the danger of quite a number of FPs, for instance when a background application is trying to perform an update, to give just one example of an incompatibility.

Then, BLADE does not protect against social engineering attacks, where the user is tempted to install malware, or against threats that hide within memory. The tool has been designed so that it blocks only when the malware writes to the user's HD. Most malware does this, but threats are also known that work only from within memory. Well, the tool may be functional, according to Hansen. "These kinds of tools are fine as an additional layer of defense, but it cannot be a cure-for-all-malcode." When the software will be out is not known yet.

pol
« Last Edit: February 24, 2010, 08:36:44 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!