Drive By Downloads
The concept of a drive-by download is not a new thing in the Information Security field. According to Wikipedia:
A drive-by download means two things, each concerning the unintended download of computer software from the Internet:
- Downloads which a person authorized but without understanding the consequences (e.g. downloads which install an unknown or counterfeit executable program, ActiveX component, or Java applet).
- Any download that happens without a person's knowledge, often a computer virus, spyware, malware, or crimeware.
Drive-by downloads may happen when visiting a website, viewing an e-mail message or by clicking on a deceptive pop-up window: by clicking on the window in the mistaken belief that, for instance, an error report from the computer's operating system itself is being acknowledged, or that an innocuous advertisement pop-up is being dismissed. In such cases, the "supplier" may claim that the person "consented" to the download although actually unaware of having started an unwanted or malicious software download.
Recently, there has been an observed spike in the number of unblocked threats, viruses and malware detected on the University network, which is most likely the result of these types of exploits being used by attackers.
So the question remains: how are the attackers getting onto our systems? Unfortunately, the biggest issue is caused by unpatched 3rd party software such as Adobe Reader, Adobe Flash, and Java being exploited by webpages whose operators may not even know they are hosting malicious files.
As an example, the latest technical bulletin released by Oracle, which provides the Java software for Windows and Apple devices, indicated that the issue it addresses is being actively used on the internet and affects people without their knowledge or consent for the software to be running. Typically this is done by embedding a very small frame within another webpage (usually only 1 pixel by 1 pixel) which scans your computer for software versions and, when it detects a vulnerable system, uploads an unauthorized piece of code which can do a variety of things to the infected system. These activities could include key loggers, fake antivirus, crimeware, ransomware, or other data-stealing pieces of malware. Even legitimate sites such as YouTube or nbc.com can host these types of frames in advertisements and never be aware of the potential risk.
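The 1-pixel frame described above is something a defender can look for in saved page source or proxy captures. The following is an added example, not code from the original advisory or from any vendor: it walks a page's HTML with the Python standard library and flags iframes that are effectively invisible (1x1 dimensions, display:none, or pushed far off-screen). The sample page, the pixel threshold and the function name suspicious_iframes are this example's own assumptions; a real page would come from a capture.

```python
"""Flag hidden or near-invisible <iframe> elements in a page (defender-side check).

Added example, not code from the original advisory. Standard library only.
The thresholds and names below are this example's own choices.
"""
import re
from html.parser import HTMLParser

# Frames whose width and height are both at or below this (in px) are
# treated as effectively invisible to the user.
TINY_PX = 2

# Inline-style patterns that hide an element outright or park it off-screen.
_HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|"
    r"(?:left|top)\s*:\s*-\d{3,}px",
    re.IGNORECASE,
)
# width/height given inside a style attribute (not min-width, line-height, ...).
_STYLE_W = re.compile(r"(?<![\w-])width\s*:\s*(\d+)px", re.IGNORECASE)
_STYLE_H = re.compile(r"(?<![\w-])height\s*:\s*(\d+)px", re.IGNORECASE)


def _px(value):
    """Parse a width/height attribute like '1' or '1px' into an int; None otherwise."""
    if value is None:
        return None
    m = re.match(r"\s*(\d+)\s*(px)?\s*$", value)
    return int(m.group(1)) if m else None


class _IframeCollector(HTMLParser):
    """Collects every <iframe> with the reasons (if any) it looks hidden."""

    def __init__(self):
        super().__init__()
        self.frames = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "iframe":
            return
        a = dict(attrs)  # HTMLParser lowercases attribute names for us
        style = a.get("style") or ""
        width, height = _px(a.get("width")), _px(a.get("height"))
        # Fall back to dimensions set via inline CSS.
        if width is None and _STYLE_W.search(style):
            width = int(_STYLE_W.search(style).group(1))
        if height is None and _STYLE_H.search(style):
            height = int(_STYLE_H.search(style).group(1))

        reasons = []
        if width is not None and height is not None \
                and width <= TINY_PX and height <= TINY_PX:
            reasons.append(f"tiny frame {width}x{height}px")
        if _HIDDEN_STYLE.search(style):
            reasons.append("hidden via inline style")
        self.frames.append({"src": a.get("src", ""), "reasons": reasons})


def suspicious_iframes(html):
    """Return the iframes in `html` that are hidden or near-invisible."""
    parser = _IframeCollector()
    parser.feed(html)
    return [f for f in parser.frames if f["reasons"]]


# Constructed sample page: one normal video embed and three hidden frames.
SAMPLE_PAGE = """
<html><body>
<h1>Campus News</h1>
<iframe src="https://video.example.edu/embed/123" width="640" height="360"></iframe>
<iframe src="http://ads.example.net/x.php" width="1" height="1"></iframe>
<iframe src="http://cdn.example.org/y.html" style="display:none"></iframe>
<iframe src="http://ads.example.net/z.html"
        style="width:1px;height:1px;position:absolute;left:-9999px"></iframe>
</body></html>
"""

if __name__ == "__main__":
    for frame in suspicious_iframes(SAMPLE_PAGE):
        print(frame["src"], "->", ", ".join(frame["reasons"]))
```

Run against the constructed page it reports the three hidden frames and ignores the visible 640x360 embed. Such a check is a triage aid, not proof of compromise: advertising networks and analytics tags use hidden frames legitimately, so a hit is a reason to look at where the frame's src points, not a verdict on its own.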
As a preventative measure, the IT Services department is strongly encouraging all users to check and patch their 3rd party software and apply updates as soon as they are available. For those users who do not require Java, we are also recommending that you disable or uninstall it from your systems. Users that utilize Banner Forms cannot perform this action, as Java is required in order to operate.
Currently the most recent revisions of software for common platforms are:
Version 6 Update 43: This is for systems that can't support version 7 yet; it is the last supported release that will ever be available.
As always, if you have Information Security-related questions, please do not hesitate to contact IT Services for additional information.