Stefan Tanase, Kaspersky Lab
Half of the malicious programs that make up the Q2/2011 "Top 20 malicious objects detected on the Internet" are used in drive-by attacks in one way or another. These include script downloaders, redirectors and exploits which are injected into compromised legitimate websites. The number of drive-by download attacks continues to grow.
"Prevention is better than cure," goes an old saying - but reality shows us that on a global scale, current countermeasures are not enough. Prevention does not work in the real world, so we're left trying to cure the problem. Instead of blaming web developers, browser makers, hosting providers, security companies or even users, why not try a different approach? Why not try cleaning up the net? How hard can it be?
This presentation is a story of a challenge. The challenge of trying to clean up 100 infected websites in the least amount of time possible. Detailed and relevant statistics will be showcased together with pieces of malicious code and bits from the discussions with the webmasters. How hard is it to manually get in touch with each website owner, help them clean out the mess and try to gather as much information as possible about the incidents - scripts, logs or binaries? How many websites did we manage to clean? Is this thing scalable? And last but not least, how much fun can you have talking with webmasters?