Last week a friend was searching Google Images, and with just one click on the wrong image he was redirected to a malicious domain. Upon arrival at the malicious domain, a Java executable promptly downloaded, executed and immediately connected to a rogue IP address. One click on a rogue image was all it took for my friend to become automatically infected via a drive-by-download.
A drive-by-download is a program that is automatically downloaded to your computer without your consent.
Typical drive-by-download (URLWriteFileToDisk)
1. Browser loads the URL
2. Browser executes the exploit code
3. Next, browser executes the shellcode
4. The shellcode downloads malware to disk
5. Shellcode executes malware
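Steps 4 and 5, plus the outbound connection described in the opening story, leave a trail that endpoint telemetry can correlate. The detection sketch below is an added example, not part of the original post; the event schema, the process list, the 120-second window and the sample events are all constructed assumptions.

```python
# Constructed example: field names, process names and thresholds are assumptions.
WEB_PROCS = {"iexplore.exe", "firefox.exe", "chrome.exe", "java.exe"}  # browsers and plug-in hosts
EXEC_EXT = (".exe", ".scr", ".jar")
WINDOW = 120  # max seconds between the write (step 4) and the launch (step 5)

def name(path):
    """Lowercased file name of a Windows or POSIX style path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()

def find_drive_by(events, window=WINDOW):
    """Return one alert per program that a web process wrote and then launched."""
    dropped, running, alerts = {}, {}, []
    for ev in sorted(events, key=lambda e: e["t"]):
        if ev["type"] == "file_write":
            path = ev["path"].lower()
            if name(ev["image"]) in WEB_PROCS and path.endswith(EXEC_EXT):
                dropped[path] = ev["t"]
        elif ev["type"] == "process_start":
            # Match on the command line so "java -jar dropped.jar" is caught too.
            cmd = ev["cmdline"].lower()
            hits = [p for p, t in dropped.items() if p in cmd and ev["t"] - t <= window]
            # A user launching a saved download later, from the shell, is not flagged.
            if hits and name(ev["parent"]) in WEB_PROCS:
                alert = {"path": hits[0], "parent": name(ev["parent"]),
                         "pid": ev["pid"], "remote": []}
                running[ev["pid"]] = alert
                alerts.append(alert)
        elif ev["type"] == "net_connect" and ev["pid"] in running:
            running[ev["pid"]]["remote"].append(ev["dst"])
    return alerts

# Constructed telemetry: one drive-by chain and one ordinary user download.
SAMPLE = [
    {"t": 0, "type": "file_write", "image": r"C:\Program Files\Java\bin\java.exe",
     "path": r"C:\Users\bob\AppData\Local\Temp\upd8.exe"},
    {"t": 2, "type": "process_start", "pid": 4120,
     "parent": r"C:\Program Files\Java\bin\java.exe",
     "cmdline": r"C:\Users\bob\AppData\Local\Temp\upd8.exe"},
    {"t": 3, "type": "net_connect", "pid": 4120, "dst": "203.0.113.45:443"},
    {"t": 10, "type": "file_write", "image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "path": r"C:\Users\bob\Downloads\setup.exe"},
    {"t": 900, "type": "process_start", "pid": 5000, "parent": r"C:\Windows\explorer.exe",
     "cmdline": r"C:\Users\bob\Downloads\setup.exe"},
    {"t": 905, "type": "net_connect", "pid": 5000, "dst": "198.51.100.7:80"},
]

if __name__ == "__main__":
    for a in find_drive_by(SAMPLE):
        print(f"ALERT {a['parent']} dropped and ran {a['path']} (pid {a['pid']}) -> {a['remote']}")
```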
Search result poisoning attacks are relatively common, but the vast majority of them are used to spread fake antivirus products, commonly referred to as scareware.
The Cocoon Solution
With Cocoon we make it simple. When you connect to the Web with Cocoon, the pipeline runs from the Cocoon servers to the web and not from your computer to the web. Cocoon enables you to browse securely, prevents automatic drive-by-downloads and is malware-free.