Check Point Software Technologies has announced that its ZoneAlarm ForceField technology protects consumers against Nine Ball, a multi-layered web browser attack, targeting legitimate web sites to redirect users to malicious sites owned by the attacker.
According to the company, Nine Ball malicious programmes attempt to steal information from users, for potential financial or identity theft use. By placing a two-way ‘bubble of security’ around the user’s browser, ZoneAlarm ForceField reportedly stops Nine Ball infected sites from being able to redirect the browser to other sites, or to download malicious programmes onto the consumer’s PC.
Check Point said that Nine Ball works as users visit one of the infected web sites – they are sent through a chain of redirections to sites owned by the attacker, before landing on the final drive-by download site. The downloaded malware attempts to infect user’s computer through a number of exploits including Adobe Reader, QuickTime, Microsoft Data Access Components (MDAC) and AOL SuperBuddy. The multiple redirections are designed to make tracking the attacker more difficult and occur in the background without the victim’s knowledge.
Ben Khoushy, vice president of endpoint products for Check Point, said: “In the past couple of years, more and more hackers have started targeting trusted web sites to distribute malware designed to steal financial or personal information.
Mass-compromise attacks such as Nine Ball, Gumblar and Beladen have already infected approximately 140,000 sites collectively. Once again, Check Point’s unique ZoneAlarm ForceField virtualised browser security solution provides the necessary protection against the continuously evolving ways hackers try to exploit legitimate web sites.”
