One of the things we do here at Lastline is to monitor drive-by-download attacks. These have become one of the most common and effective threats online: the idea is that attackers try to exploit vulnerabilities in user browsers and, if successful, manage to install malware on the victim machines. Afterwards, all kinds of bad things happen for the compromised machines: they most commonly become bots (or zombies) controlled by some botmasters, and start siphoning sensitive information off or sending spam.

From the point of view of an attacker, drive-by-downloads are quite simple: first, set up a malicious web site; second, wait for traffic; third, profit. Of course, attackers typically don’t just wait for traffic, but they actively try to attract potential victims to their malicious site.

An effective way of doing this is to take over a popular web site and to redirect its visitors to the malicious web site. A recent case in point happened yesterday, when, for a short amount of time, the web site of Stephenie Meyer — the author of Twilight — was compromised.

What happened at that point? 

During the time it stayed compromised, visitors to her web site received also an obfuscated piece of JavaScript code that redirected their browser to the malicious site spider.hitstrack.in (92.243.19.91):

The site was serving a number of exploits packaged in the exploit kit Crimepack, among which one targeting a vulnerability in old versions of the Java plugin (see the full Wepawet report):

The moral of this story: keep your software up-to-date and… stay away from vampires, werewolves and zombies!

Customers of our Previct tool are protected against this threat.