However, the most nefarious way to draw victims to booby-trapped DbD web sites is the watering hole attack. All the methods described previously depend on getting someone to a site that they may not visit on their own accord… but what if you could hijack a site they frequented regularly? Just like the lions stalking prey in the Savannah, hackers know that if they can poison your favorite “watering hole” web site, you’ll surely stumble upon their DbD code.
The attackers search for web application vulnerabilities in popular and legitimate web sites, such as SQL injection (SQLi) and cross-site scripting (XSS) flaws, then exploit these problems to inject malicious code into the legitimate site, redirecting anyone who visits the site to malicious DbD code.
In the past, I could warn you against visiting sordid web sites to avoid DbD attacks. However, today any site on the Internet—even the ones you trust the most—may have been hijacked and could be hiding a drive-by download.
Part of being a good spy is understanding your adversary’s techniques, and then learning the tradecraft that can protect you in the field. Now that you know what a drive-by download is, and how they work, here’s a few cyber tradecraft tips that will protect you online:
Patch, patch, and then patch some more – In “computer-ese,” patching means to apply the latest updates to your computer software. As mentioned, web sites can’t forcefully download software to your computer unless they can take advantages of programming flaws in the software you run. Many of the DbD attacks seen in the wild exploit flaws that vendors have already fixed. If you keep your software up to date, most of attacks will fail. Obviously patch you web browser, but also know hackers are focusing on exploiting Java and Flash vulnerabilities lately. You should patch these packages just as aggressively as the browser itself. In fact, I would recommend disabling Java if you can.
Don’t click unsolicited links – Simply put, avoid clicking unsolicited links sent to you via email and IM. I probably can’t convince you not to click on links from your friends (or ones that seem like they come from your friends), but at least remain wary of them, and look at the URL for the link before clicking it. I would also be careful around shortened links, and leverage tools to expand and preview these links before following them. Here’s a quick tip; if you add a “+” character to the end of a bit.ly link, you will see a preview of the actual URL before visiting it.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.