informa
/
Risk
Quick Hits

Researchers To Hit Major Website In Drive-By At RSA

Speakers from Cenzic, Dasient will show how easy it is to infect a well-known site
If seeing is believing, then some RSA conference attendees could get a dose of religion on the threat of drive-by malware downloads next week.

In a session on Wednesday entitled "Drive By Downloads: How to Avoid Getting a Cap Popped in Your App," speakers Lars Ewe of Cenzic and Neil Daswani of Dasient will present a live download of a benign application onto a well-known website to show how easy it is to infect a legitimate site -- and all of its visitors.

The "attack" will take advantage of a cross-site scripting flaw to download a simple Windows calculator app that will not harm the site or its users -- but it will help to show why drive-by downloads are quickly replacing email attachments as the favorite method for spreading malware, the speakers say.

The operator of the site, which the speakers declined to name, has been notified of the XSS flaw and will initiate a fix as soon as the demonstration is complete, the speakers add. "One of the things that we're trying to show is that the level of sophistication required to do these drive-by downloads is not high, but the damage is maximum," says Ewe, who is CTO and vice president of engineering for Cenzic. "There are many ways that a site can get infected, and some of them are really not that hard to do. Yet they affect not only the site itself, but all of its visitors."

"What we're seeing is that drive-by downloads are becoming the method of choice for deploying new malware," says Daswani, CTO and co-founder of Dasient. "Yet a lot of companies still don't do very much with application security -- we need to get the word out that the attack pattern is changing. That's what this [presentation] will help to do."

The presentation will also demonstrate the pairing of tools like those from Cenzic -- which offers application scanning and remediation -- with services like Dasient, which offers malware detection and monitoring.

"We want to show the value of combining application scanning and patching with ongoing monitoring to create a more defense-in-depth approach," Daswani says.

Have a comment on this story? Please click "Add Your Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.

Recommended Reading:
Editors' Choice
Kirsten Powell, Senior Manager for Security & Risk Management at Adobe
Joshua Goldfarb, Director of Product Management at F5