Malware prevalent on trusted Web pages

Five seconds into reading this story, a Web page somewhere will
become infected with malware or some other malicious code. That's
one of the conclusions of U.K.-based IT security firm Sophos in an
IT security report released on Wednesday.


"We found that there is an average of 16,173 infected Web pages
on a daily basis," said Sophos' Senior Technology Consultant Graham
Cluley in a phone interview from his office in London. "We arrived
at this conclusion from our labs around the world. We look at
millions of e-mails and Web page transmissions on a daily basis and
it averages out to one infected page every five seconds."


The threat report covers the first six months of this year and,
according to Cluley and the report itself, page infections are
occurring at a rate three times faster than in the comparable period
in 2007.


The report identified the Windows OS as the largest target for
malware. It also found that 90 percent of infected Web pages
derived from trusted sites such as Facebook and LinkedIn, as well
as other oft-visited destinations.


The report pegged the do-it-yourself blogging portal
Blogspot.com as the top host for malware on the World Wide Web,
with an estimated two percent of the malicious software being
incubated and launched on that site alone. The study also mentioned
the astronomical rise of spam on mobile devices in places such as
China, where such junk mail messages grew to almost 354 billion in
2007.


The one major security theme in the report was the recent rise
in SQL injection attacks that exploit security
vulnerabilities in application code linked to a back-end database.
These attacks can provide an entrance for hackers, allowing them to
elevate their network privileges and change data fields.


"What we've seen with these attacks is that even if you clean up
the database and get rid of the virus there, it could either be
just a decoy for another injection attack or another virus will
come along soon," Cluley said.


At risk are traditional brick-and-mortar companies that have
decided to foster an increased presence on the Web. Their
e-commerce platforms could be vulnerable to manipulation by
hackers, the report stresses. In addition to applying security
patches, some enterprises should have a "security lock box" or Web
appliance as a buffer between the end user and the enterprises'
infrastructure.


The lessons particularly apply to small and mid-size
companies.


"Hackers have by and large stopped using e-mail as an entry
point and instead decided to frame their attacks in and around the
Web browser," Cluley further warned. "Big companies may have the
infrastructure and the money to act, but the real necessity here is
for small and medium sized businesses to reassess Internet
security. This is clearly an opportunity for channel partners as
well as enterprises themselves to collaborate and get involved,
whether it's a consultant for the business or an internal
mandate."

