407% rise in malware websites
06/05/08
ScanSafe reports that 68 per cent of all Web-based malware it blocked on
behalf of its corporate customers in May was found on legitimate
sites, up more than 407 per cent compared to May 2007.
The increase is the result of an unprecedented series of attacks
that have outfitted hundreds of thousands of legitimate sites with
malicious scripts and iframes designed to silently deliver password
stealers and backdoors to visitors’ computers.
“The compromise techniques being used now allow hackers to quickly
‘colonize’ thousands of legitimate sites, from big brand name sites
like Wal-Mart, to smaller but equally legitimate sites,” says Mary
Landesman, senior security researcher at ScanSafe.
The Security Brief is based on a comparison of the Web-threat
landscape in May 2007—six months before these large-scale
attacks—with data from May 2008. It is based on the more than 10
billion Web requests ScanSafe scans each month for its corporate
customers in more than 60 countries.
Specifically, the company reported a 220 per cent increase in the
amount of Web-based malware—viruses, Trojans, password stealers and
other malicious code. The fastest growing category of threats is
backdoor and password-stealing malware, which increased 855 per cent
from May 2007 to May 2008, putting sensitive corporate data at
serious risk of theft.
The Web was riddled with compromised sites in May 2008, largely as a
result of ongoing SQL injection attacks that began in late October
2007, affecting hundreds of thousands of websites. In parallel,
another highly prolific series of attacks has been carried out through
the use of stolen FTP credentials. Among legitimate sites
compromised in May 2008 were Nature.com, Foofighterslive.com,
Thecareercompany.co.uk, Acer.co.th, Webster.edu and Photopass.com.
“Over the last year malware authors have moved away from direct
attacks—attacks in which they directly interact with victims, via
social engineering for example—to indirect attacks accomplished
through compromised websites. These indirect attacks not only
leverage stealthier techniques, like the insertion of an invisible
iframe, but they leverage legitimate, name brand sites that Web
surfers implicitly trust. The net result is that you absolutely
cannot assume that because you are on a brand name or well known
site that it is a safe site. We’ve been saying this for some time
but it bears repeating in light of this astronomical increase.
Currently, thousands of legitimate sites are being compromised
daily,” says Landesman.
For a copy of the ScanSafe STAT Security Brief: A Comparative Look
at the State of Web Security, May 2007-May 2008, please visit
http://www.scansafe.com/threat_center/threat_alerts/stat_sec....
Nick Gibson, editor
