Nine Ball - Security Threat
This text is taken from the Zone Alarm folks, so of course they will push you to buy or upgrade their products. A good router and up-to-date security software are a must, but still may not be enough to stop every threat. I recently worked on a system that had the Gumblar threat on it and the only recourse was to wipe out the system and start over from scratch.

Nine Ball:
- Victim visits a legitimate web site that has been compromised. Over 40,000 legitimate web sites have been compromised.
- Multi-level redirection attack: the victim is redirected through a series of different sites owned by the attacker. The final site in the chain hosts the malicious drive-by download and records the visitor's IP address.
- The drive-by download site attempts to install malware on the victim's computer through a number of exploits, including MDAC, AOL SuperBuddy, Adobe Reader, and QuickTime exploits.
- Once a user has visited the malicious web page, repeat visits are redirected instead to the search engine site Ask.com. The Zone Alarm authors assume this is a technique to evade investigation, since a researcher returning to the page never sees the exploit.
- Detection by antivirus/antispyware programs is very low because the attack uses random number generation to decide which malware to download, so different visitors receive different samples and there is no consistent pattern for signature-based antivirus to pick up.
- The malicious programs typically attempt to steal information from the victim via a keystroke logger. This information could be used for financial or identity theft.
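As an added example (not from the Zone Alarm write-up or from this post), the following Python script shows how a defender could spot the two behaviours in the list above in web proxy logs: a redirect chain that crosses several distinct hosts and ends in a download, and a repeat visit to the same compromised entry page that lands somewhere else than the first visit did. The log line format, the host names (under the reserved .test domain), the list of "download" extensions, and the assumption that the attacker's cloaking is keyed on the client IP address are all constructed for this example.

```python
"""Reconstruct HTTP redirect chains from proxy log lines and flag the
multi-hop redirect and repeat-visitor cloaking patterns.

Log format (constructed for this example, not a real proxy format):
    <client_ip> <http_status> <requested_url> -> <Location header or '-'>
"""
import re
from urllib.parse import urlparse

# Constructed sample: one client hits a compromised page, is bounced through
# two attacker hosts to a download, then on a second visit is sent to a
# search engine instead.  A second client follows a harmless same-site redirect.
SAMPLE_LOG = """\
10.0.0.5 302 http://legit-example.test/index.html -> http://hop1.example.test/a
10.0.0.5 302 http://hop1.example.test/a -> http://hop2.example.test/b
10.0.0.5 302 http://hop2.example.test/b -> http://final-dl.example.test/x.exe
10.0.0.5 200 http://final-dl.example.test/x.exe -> -
10.0.0.5 302 http://legit-example.test/index.html -> http://www.ask.com/
10.0.0.5 200 http://www.ask.com/ -> -
10.0.0.9 302 http://news.example.test/ -> http://news.example.test/home
10.0.0.9 200 http://news.example.test/home -> -
"""

LINE_RE = re.compile(r"^(\S+) (\d{3}) (\S+) -> (\S+)$")
# Assumed set of extensions worth treating as a payload fetch.
DOWNLOAD_EXT = (".exe", ".scr", ".pdf", ".mov", ".swf")


def parse_log(text):
    """Parse log lines into dicts; malformed lines are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        client, status, url, location = m.groups()
        records.append({"client": client, "status": int(status), "url": url,
                        "location": None if location == "-" else location})
    return records


def build_chains(records):
    """Group each client's requests into redirect chains.

    A request continues the client's open chain when it fetches exactly the
    URL the previous response redirected to; otherwise it starts a new chain.
    Returns a list of (client, [url, url, ...]) tuples in log order.
    """
    chains = []
    open_chain = {}  # client -> chain still waiting for its next hop
    for r in records:
        chain = open_chain.get(r["client"])
        if not (chain and chain[-1] == r["url"]):
            chain = [r["url"]]
            chains.append((r["client"], chain))
        if r["location"]:
            chain.append(r["location"])
            open_chain[r["client"]] = chain
        else:
            open_chain.pop(r["client"], None)  # chain terminated (non-redirect)
    return chains


def flag_multi_hop(chains, min_hosts=3):
    """Flag chains that cross at least min_hosts distinct hosts and note
    whether the last URL looks like a payload download."""
    findings = []
    for client, chain in chains:
        hosts = []
        for u in chain:
            h = urlparse(u).hostname
            if h not in hosts:
                hosts.append(h)
        if len(hosts) >= min_hosts:
            last_path = urlparse(chain[-1]).path.lower()
            findings.append({"client": client, "hosts": hosts,
                             "hops": len(chain) - 1,
                             "download": last_path.endswith(DOWNLOAD_EXT)})
    return findings


def detect_cloaking(chains):
    """Flag a client whose repeat visit to the same entry URL ends on a
    different final host than its first visit (assumes the attacker keys
    the repeat-visitor redirect on client IP, as this example does)."""
    first_seen = {}  # (client, entry url) -> final host of first visit
    findings = []
    for client, chain in chains:
        key = (client, chain[0])
        final_host = urlparse(chain[-1]).hostname
        if key in first_seen and first_seen[key] != final_host:
            findings.append({"client": client, "entry": chain[0],
                             "first": first_seen[key], "repeat": final_host})
        first_seen.setdefault(key, final_host)
    return findings


def analyze(text):
    chains = build_chains(parse_log(text))
    return {"chains": chains,
            "multi_hop": flag_multi_hop(chains),
            "cloaking": detect_cloaking(chains)}


if __name__ == "__main__":
    result = analyze(SAMPLE_LOG)
    for f in result["multi_hop"]:
        print("multi-hop redirect:", f["client"], " -> ".join(f["hosts"]),
              "(download)" if f["download"] else "")
    for f in result["cloaking"]:
        print("cloaking suspected:", f["client"], f["entry"],
              "first:", f["first"], "repeat:", f["repeat"])
```

On the sample log this reports one four-host chain ending in an .exe for 10.0.0.5 and one cloaking hit for the same client, while 10.0.0.9's same-site redirect is ignored. On real logs the threshold of three hosts is a tuning knob: legitimate ad and CDN redirects also hop across domains, so the download check and the cloaking check are what separate a drive-by chain from noise.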