Breaking Down Drive-By Phishing Attacks

For the past decade, drive-by download attacks have been the bane of organizations' IT departments. They occur when adversaries plant malicious code in seemingly innocuous websites, either by compromising a legitimate site or by hosting their own, in order to infect any browser that loads the page. The code targets vulnerabilities in the browser or its plugins, so an employee running an unpatched browser, or one without effective anti-malware protection, can be infected simply by viewing the page; no download or click is required.

Today the threat has moved to an even more dangerous avenue: phishing. A class of drive-by phishing attacks has been observed that affects users who merely view an email. If recipients have the preview pane enabled, they do not even have to open the message: selecting it in the message list is enough, because the preview pane renders the HTML body straight away.

How Drive-By Phishing Works

Just like a standard drive-by attack, these malicious email messages rely on HTML and JavaScript to deliver their payload. Because HTML rendering is rarely disabled in people's mail clients, threat actors have little trouble finding and victimizing targets. One caveat a defender should keep in mind: current mail clients generally refuse to execute script inside a message body and block remote content until the reader allows it, so the realistic exposure from the preview pane is the HTML rendering itself (remote tracking images that confirm a live mailbox, bugs in the rendering engine) together with the deceptive content the HTML dresses up. An HTML-only message carrying active content is therefore a strong signal even where the script never runs.

Most drive-by emails come from senders unfamiliar to the recipient, but they can come from trusted addresses as well. A trusted sender whose account or machine has been compromised can unknowingly start a chain of drive-by phishing attacks, and mail that appears to come from a known contact is far more likely to be clicked.

In addition, drive-by phishing attacks often show the following traits:

  • The subject line contains grammar or spelling mistakes
  • The sender "shotgun blasts" a random group of recipients without addressing anyone in particular; the lack of a salutation is often a red flag
  • The content is crude rather than subtle: it makes little effort to convince the intelligent professionals who are on the receiving end
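
The mechanism described above (an HTML body with active content, rendered on selection) and the traits in the list are both things a mail gateway or a triage analyst can check for mechanically. The script below is an added example for this page, not code from the original post or from InfoSec Resources: it parses a raw message with Python's standard `email` library, walks the HTML body for script, event handlers, `javascript:` URLs, meta refresh and remote resources, counts recipients, and checks whether the visible text opens with a salutation. The two sample messages, the recipient threshold of three, and the verdict threshold are constructed assumptions chosen to illustrate the heuristics; the spelling check from the list is left out because it needs a dictionary.

```python
import email
import re
from email import policy
from email.message import EmailMessage
from html.parser import HTMLParser

# Constructed sample (not from the original post): HTML-only, sent to a
# list of unrelated recipients, no salutation, a script block, a remote
# tracking pixel and a misspelled subject line.
SAMPLE_EML = b"""\
From: "Account Team" <alerts@example-mail.test>
To: a.smith@corp.test, b.jones@corp.test, c.wong@corp.test, d.lee@corp.test
Subject: Urgant: your acount will be suspend
MIME-Version: 1.0
Content-Type: text/html; charset=utf-8

<html><body>
<script>window.location="http://bad.example.test/login"</script>
<img src="http://bad.example.test/t.gif" width="1" height="1">
<p>Click <a href="http://bad.example.test/login">here</a> to verify now.</p>
</body></html>
"""

SALUTATION = re.compile(r"^(dear|hi|hello|good (morning|afternoon|evening))\b", re.I)
SHOTGUN_THRESHOLD = 3  # assumed: this many visible recipients looks like a blast


class HtmlAudit(HTMLParser):
    """Collect what matters about an HTML body: active content, resources
    fetched automatically on render, and the visible text."""

    def __init__(self):
        super().__init__()
        self.active = []   # tags/attributes that could run code or redirect
        self.remote = []   # URLs a client would fetch when rendering
        self.text = []     # visible text, in document order
        self._skip = 0     # >0 while inside <script>/<style>

    def handle_starttag(self, tag, attrs):
        attrs = {k: (v or "").strip() for k, v in attrs}
        if tag in ("script", "iframe", "object", "embed"):
            self.active.append(tag)
        if tag == "meta" and attrs.get("http-equiv", "").lower() == "refresh":
            self.active.append("meta-refresh")
        if tag in ("script", "style"):
            self._skip += 1
        for name, value in attrs.items():
            if name.startswith("on") or value.lower().startswith("javascript:"):
                self.active.append(f"{tag}@{name}")
            if name in ("src", "background") and value.lower().startswith(("http://", "https://")):
                self.remote.append(value)

    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip:
            self._skip -= 1

    def handle_data(self, data):
        if not self._skip and data.strip():
            self.text.append(data.strip())


def audit_message(raw: bytes) -> dict:
    """Score one raw RFC 5322 message against the drive-by phishing traits."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    html_part = msg.get_body(preferencelist=("html",))
    plain_part = msg.get_body(preferencelist=("plain",))

    audit = HtmlAudit()
    if html_part is not None:
        audit.feed(html_part.get_content())

    recipients = []
    for header in ("To", "Cc"):
        if msg[header] is not None:
            recipients.extend(a.addr_spec for a in msg[header].addresses)
    undisclosed = "undisclosed" in str(msg["To"] or "").lower()

    # Visible text comes from the HTML body if present, else the plain part.
    if audit.text:
        lines = audit.text
    elif plain_part is not None:
        lines = [l.strip() for l in plain_part.get_content().splitlines() if l.strip()]
    else:
        lines = []

    findings = {
        "html_only": html_part is not None and plain_part is None,
        "active_content": sorted(set(audit.active)),
        "remote_resources": audit.remote,
        "recipient_count": len(recipients),
        "shotgun": len(recipients) >= SHOTGUN_THRESHOLD or undisclosed,
        "no_salutation": not (lines and SALUTATION.match(lines[0])),
    }
    score = sum(bool(findings[k]) for k in
                ("html_only", "active_content", "remote_resources", "shotgun", "no_salutation"))
    findings["score"] = score
    findings["verdict"] = "suspicious" if score >= 3 else "ok"  # assumed threshold
    return findings


def benign_sample() -> bytes:
    """Constructed control message: multipart/alternative, one recipient, greeted by name."""
    msg = EmailMessage()
    msg["From"] = "Bob <bob@corp.test>"
    msg["To"] = "Alice <a.smith@corp.test>"
    msg["Subject"] = "Minutes from today's meeting"
    msg.set_content("Hi Alice,\n\nHere are the notes from today. Thanks,\nBob\n")
    msg.add_alternative("<html><body><p>Hi Alice,</p><p>Here are the notes from today. "
                        "Thanks,<br>Bob</p></body></html>", subtype="html")
    return msg.as_bytes()


if __name__ == "__main__":
    for label, raw in (("sample", SAMPLE_EML), ("benign", benign_sample())):
        print(label, audit_message(raw))
```

The parser deliberately keeps text inside `<script>` and `<style>` out of the visible-text list, otherwise the salutation check would be fooled by script that happens to start with "Hi". Scoring each trait as an independent flag rather than weighting them keeps the output easy to explain to the analyst who has to act on it.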

Until now, phishing attacks via email have required specific actions on the part of the recipient, who is tricked into downloading a malicious attachment or visiting a compromised website. These (Read more...)

*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Dan Virgillito. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/HzyrWAouxBA/