Monday, June 21, 2010

Anatomy of a Drive-by Browser Attack

This is a fascinating – if somewhat technical – explanation of a drive-by browser attack:

http://www.h-online.com/security/features/CSI-Internet-Alarm-at-the-pizza-service-1019940.html?view=print


It goes into detail about a few points we already knew: 1) it depends entirely on JavaScript, 2) it exploits a Microsoft Windows vulnerability that was recently patched, and 3) the attack is served from a Chinese .cn website.


What can you do?


1) Consider using Firefox with the “NoScript” add-on to enable JavaScript only for web domains you trust.  Or, if you use another browser, there are ways to classify websites as “Trusted Sites” so that JavaScript is allowed for them but disabled for all other sites.  (Firefox’s NoScript just makes this process a little easier.)


2) Keep your Microsoft Windows patched and updated by applying the “Important Updates” Microsoft releases each week through its Windows Update functionality.


3) Consider blocking all web traffic from .cn and .ru domains.  This requires some technical skill with your router and/or firewall.  I did it using my free OpenDNS account.