Security Fix Pop Quiz, Reality-Show Style
It's been a while since we published our last Security Fix Pop Quiz, a periodic exercise to see whether you've updated your computer with the proper security updates.
Usually when we do these quizzes I focus on the latest updates for third-party software programs, patches designed to guard against attackers who try to install malicious software using known security holes in these widely-used applications.
This time around, however, I want to give readers more perspective about why applying these updates is so critical, by looking through the lens of the criminal masterminds behind "Grum," one of this year's largest spam botnets, or groupings of hacked Microsoft Windows PCs typically used to relay junk e-mail.
But what exactly is it that makes this malware family so successful? Put simply, it observes the old adage, "If at first you don't succeed, try, try again."
Indeed, Grum is incredibly tenacious: the Web sites the Grum authors enlist to foist this bot program toss a veritable kitchen sink of exploits at visiting browsers, trying no fewer than 10 Web browser exploits. If one fails, the visitor's browser is served with the next exploit, until one succeeds.
Many of these exploits attack browser plug-in flaws that were patched months, if not years, ago. But it's important not to get too hung up on that point, because the botmasters who control this network could easily add a few more recent exploits at any time, since the whole process of trying each exploit only takes a second or two, according to Alex Lanstein, a senior security researcher at Milpitas, Calif.-based security firm FireEye.
Also, while many of these exploits count on the visitor browsing with Internet Explorer, some may also work against users who stumble upon booby-trapped sites with Firefox or other browsers.
Here is a look at some of the browser vulnerabilities Grum tries to exploit (in no particular order). Does your machine have the latest updates for these applications?
It's no use trying to warn people about exploit sites, which change from day to day. All the bad guys need to do is embed malicious code in a widely-viewed Web site or cleverly-placed banner ad. From that point, the hacked site silently fetches the code from one of the countless exploit sites.
It's also not terribly easy to tell when your system is infected with a bot program. Most bot programs -- once they get their hooks inside a host -- bury themselves deep down into the operating system, and usually compromise security software on the victim's PC. That is why taking precautions to ensure your system is up-to-date with the latest patches is so critical.
Security Fix tries very hard to keep readers abreast of the latest security updates for widely-used applications, and of course updates for Windows and Mac operating systems. Another excellent resource for this information can be found in the free vulnerability scanning services offered by the security firm Secunia.
January 28, 2009; 11:13 AM ET
Categories: Latest Warnings, New Patches, Safety Tips, Web Fraud 2.0