Wednesday, January 16, 2008

Scary World Ahead?!

No, I appreciate a good piece of FUD, but one of my 2008 predictions is coming to life with scary, scary speed!

I predicted that "Loss of trust towards legitimate Internet sites = yes. This is manifested by things like this point by the WS guys - more 0wned than malicious sites are used to spread malware. Even now I shudder from the thought that ANY site I visit might be displaying a malicious banner [or serving malware thru other means] ad which is either bought or "hacked in" by the attackers. The implications of this are pretty horrifying!" and it does worry me, but I am not yet truly paranoid about this.

OK, change that "am" to "was." Today I officially became Internet-phobic (where do I sign up? :-)) when I heard (through a little birdie, as usual) that one of the security publication websites was 0wned (maybe thru banners? the details are not available yet) and serving malware. Nice! In a few minutes, I was also informed that one of the leading business publications is also serving malware. Fuck!

Yes, my personal system probably won't be 0wned by this, but many will be (IE users are clearly screwed, but I doubt that Firefox users or Mac fans will be immune either).

So, welcome to 0wned Internet 2.0, where every site is 0wned and is serving malware?

Bonus question: do you think major brand AV will protect you from the above?

UPDATE: a similar post from Andy, IT Guy called "Will Malware Kill the Internet?" is here. And another update on that from him (even more insightful).

UPDATE2: another fun one "Trend Micro Hacked - Serving Malicious Iframes"
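The post's worry is a legitimate site quietly serving an injected iframe or third-party script. One check a site owner can run against their own pages is an allow-list scan: parse the served HTML and flag any iframe or script whose host is not the site itself or a known partner, plus any iframe styled to be invisible (zero-sized or display:none), which is the classic shape of an injected loader. The code below is an added example, not from the original post or from any of the sites mentioned; the page HTML and the host names (securitynews.example.org, ads.example.com, attacker.invalid, unknown-cdn.invalid) are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse


class InjectionScanner(HTMLParser):
    """Collects iframes and external scripts that fall outside an allow-list
    of hosts, and any iframe that is styled to be invisible."""

    def __init__(self, site_host, allowed_hosts):
        super().__init__()
        self.site_host = site_host
        # The site's own host is always allowed; partners (ad network, CDN) are added.
        self.allowed = set(allowed_hosts) | {site_host}
        self.findings = []  # tuples of (tag, src, looks_hidden)

    def _host_of(self, src):
        # Relative URLs have no hostname; they resolve to the site itself.
        return urlparse(src).hostname or self.site_host

    @staticmethod
    def _looks_hidden(attrs):
        style = (attrs.get("style") or "").replace(" ", "").lower()
        tiny = (attrs.get("width") or "") in ("0", "1") or (attrs.get("height") or "") in ("0", "1")
        return tiny or "display:none" in style or "visibility:hidden" in style

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        src = a.get("src") or ""
        if tag == "iframe":
            hidden = self._looks_hidden(a)
            if self._host_of(src) not in self.allowed or hidden:
                self.findings.append(("iframe", src, hidden))
        elif tag == "script" and src:
            if self._host_of(src) not in self.allowed:
                self.findings.append(("script", src, False))


def scan(html, site_host, allowed_hosts=()):
    """Return the list of suspicious iframe/script findings for one page."""
    parser = InjectionScanner(site_host, allowed_hosts)
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed sample: a news page with one legitimate banner, one injected
# hidden iframe and one unexpected third-party script.
SAMPLE_PAGE = """
<html><body>
<h1>Security News</h1>
<script src="/js/site.js"></script>
<iframe src="http://ads.example.com/banner" width="468" height="60"></iframe>
<iframe src="http://attacker.invalid/ld.php" width="0" height="0" style="display:none"></iframe>
<script src="http://unknown-cdn.invalid/stats.js"></script>
</body></html>
"""


def sample_findings():
    # Placeholder hosts; a real deployment would use the site's own domain
    # and its actual ad/CDN partners as the allow-list.
    return scan(SAMPLE_PAGE, "securitynews.example.org", ["ads.example.com"])


if __name__ == "__main__":
    for tag, src, hidden in sample_findings():
        print(f"{tag:6} {'HIDDEN ' if hidden else ''}{src}")
```

Run against a copy of each page fetched on a schedule, this turns "is my site serving something I did not put there?" into a diff against a known allow-list rather than a hope; the hidden-iframe rule also catches the case where the injected frame points at the site's own host via a compromised internal path, since visibility is checked independently of the host.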


kurt wismer said...

"Bonus question: do you think major brand AV will protect you from the above?"

maybe... if it implements an LSP and the vendor has made it a policy to generate signatures for exploits and downloader scripts in addition to traditional malware, and if the malware purveyor follows the usual modus operandi of using multiple (and often significantly less than completely new) exploits in order to pwn machines then it's quite possible an anti-malware product would be able to block it...

but that is a lot of "if"s...

Anton Chuvakin said...

That's a good point - also, if their heuristics (or embedded HIPS thingy) is good, it might work, actually.

Also, I have a complete trust that an AV vendor will clean it *eventually*, but blocking is more doubtful since the exploitation happens within the browser and the downloaded mal app is unique (no signature likely).

Dr Anton Chuvakin