New web threats gain momentum

Written by Eleanor Dallaway, InforSecurity  
(06/21/2007 )   
Original

Eighty per cent of infected websites have been compromised by a third-party hacker, according to the latest threat statistics from Sophos.

Carole Theriault, senior security consultant at high-security threat research centre, SophosLabs, says that only 20 per cent of infected websites have been intentionally hacked to lure in victims. “The other 80 per cent are victims, web pages that have been compromised by malware or a third-party hacker”.

At present there are 240,000 threats in existence, with the first few months of 2007 seeing a 150 per cent increase when compared with the same time period the year before. “Sophos are currently responsible for mitigating approximately 8,000 threats every month”, says Theriault, “we find just short of 10,000 new infected web pages every day”.

While web threats are gaining in momentum, email threats are becoming a lot less common. “In 2005, one in 44 emails was viral, now that figure is one in 312. The focus has now changed, so that email is being used to send spam to link to infected sites”, remarks Theriault.

It’s all about the money

“Once upon a time, malware was designed by adolescent guys trying to impress their mates. Now, the motive is financial, it’s always about money”, says Graham Cluley, technical consultant for Sophos. “Scareware, ransomware and industrial espionage are all gaining in momentum, generating revenue directly. We’re starting to see theft of online banking information, where the hacker literally watches over the victim’s shoulder as they enter their password”.

This is an example of the evolution of phishing. Originally, phishing involved sending fraudulent emails leading the recipient to fake bank websites, where they were asked to enter their account details. Now, it is increasingly common that malware spies on the user as they visit legitimate bank sites. “Some banks are responding with authentication devices, to generate one-time passwords, but this isn’t a 100 per cent cure against identity theft”, says Cluley.

Scareware is an increasingly common problem in which malware ironically plays on the public’s information security fears, while simultaneously justifying their worries. “Malware displays fake security warnings, encouraging innocent users to purchase bogus, infected anti-spyware software, and convincing them that their legitimate AV is rubbish”, explains Cluley.

So what’s next?

“Money is going to carry on dominating the market for a long time, and I think we’re going to see the rise of religious, terrorist and mobile malware”, concludes Cluley.

The Sophos biannual threat report will be available in full shortly.





More Links:
image
Contact us for help and product info
image
View our F.A.Q.section
image
Site Map
image
image
ght-allwebco.js"> ecent research by Gartner, the Web perimeter remains the biggest unprotected border within most organizations' networks today. Although most enterprises have URL filtering in place, fewer than 15 percent have adequate protection from Web-based malware. Gartner predicts that by the end of 2007, 75 percent of enterprises will be infected with undetected, financially motivated, targeted malware that have evaded their traditional perimeter and host defenses.

Doug Camplejohn is founder and CEO of Mi5 Networks, a vendor of Web security gateways.

© 2007 CXO Media Inc.





More Links:
image
Contact us for help and product info
image
View our F.A.Q.section
image
Site Map
image
image
"4" cellspacing="0" border="0" width="100%" class="footertext"> More Links:
image
Contact us for help and product info
image
View our F.A.Q.section
image
Site Map
image
image
;
by an attacker!

 


image
/font>被黑客攻击和