
Microsoft improves SmartScreen

SmartScreen is a Windows security component that protects the user from running suspicious executable files and visiting malicious resources. The component first appeared in Internet Explorer 8, where it warned the user about visits to doubtful resources on the basis of a special Microsoft database that is kept updated. Starting with Windows 8, the component also became an integral part of the OS, increasing its security by blocking the launch of questionable executable files.

A few days ago, Microsoft announced an improvement to SmartScreen aimed at blocking drive-by download attacks, which are very popular with cybercriminals today. In this type of attack, an exploit automatically installs malware on the user's computer when the user visits a compromised website.
For a drive-by download, attackers usually choose an RCE exploit either for the web browser itself, for example Internet Explorer, or for a popular plugin, for example Adobe Flash Player or Oracle Java. The exploit may target either a zero-day vulnerability or a vulnerability for which the vendor has already released a fix. Drive-by downloads are implemented with exploit kits, which let attackers use not one but several different exploits for different products and their versions.

SmartScreen helps to avoid impacting browsing performance by creating a SmartScreen service. If you’re on your own, you’ll be able to keep track of your content.

Microsoft says that, to block the malicious elements used in drive-by downloads, SmartScreen relies on service data and telemetry collected from various sources, including the Edge and Internet Explorer web browsers, the Bing search engine, Windows Defender, and EMET.

Fig. SmartScreen drive-by attack blocking window in the Edge web browser.

SmartScreen is enabled by default and will also alert the user to the presence of potentially malicious frames on a web page loaded by IE 10, 11 or Edge. The enhancement was delivered to Windows 10 users as part of the major OS update, version 1511.

Source: https://habr.com/ru/post/273697/
