A recent study done by IT security company Sophos indicates that the first half of 2007 has seen a sharp rise in the number of web threats as well the countries and server types hosting the infected sites.
According to the Sophos Security Threat Report, there was an explosion in threats spread via the web, which has now taken over from email as the preferred vector of attack for financially motivated cybercriminals.
In June alone Sophos's global network of monitoring stations uncovered a record number of infected webpages - approximately 29,700 - each day. In contrast, earlier in 2007, the number of malicious pages detected stood as low as just 5,000 per day.
Sophos blocks access to millions of webpages to protect customers from malware and inappropriate content. Taking a snapshot of just one million of those webpages, experts found that 28.8 percent were hosting malware. A further 28.0 percent were blocked due to the adult nature of their content, most commonly because they were pornography or gambling sites. Pages set up by spammers accounted for 19.4 percent and 4.3 percent were classed as illegal sites, for instance, they were peddling pirated software or were phishing sites. Of the websites containing malicious code, just one in five had been designed specifically for malicious activity, with the remaining 80 percent made up of legitimate sites that have fallen victim to hackers.
More than half of all infected web pages were hosted on Apache servers whilst 34 percent of them were on Microsoft IIS 6 and 9 percent on Microsoft IIS 5.
"With a whopping 80 percent of all infected webpages found on legitimate sites, it begs the question as to why web hosts are not taking the necessary steps to properly secure their servers… Web hosts that are currently not behaving responsibly must bite the bullet and take better care of their sites,” said Graham Cluley, senior technology consultant at Sophos.
“Just using Apache on your web server doesn't mean you are now bullet-proof from hackers trying to plant malicious code on your site. It will be a wake-up call for some to see that malware is not just a Microsoft problem."
Mal/Iframe, which works by injecting malicious code onto web pages, topped the list of the top ten web-based maleware hosted on the infected sites with JS/EncIFra and Troj/Psyme trailing in second and third place respectively.
"Mal/Iframe is a textbook example of a spawning web threat that targets and exploits vulnerable sites regardless of whether the content is about pottery or pornography," continued Cluley.
"Web security solutions must go beyond blocking websites based simply on category - a gambling site may seem more of a threat, but sometimes the most innocuous sounding site can pose the greatest danger."
The reported also identified China as the country which plays hosts to the most number of infected web pages. Other Asian countries found on the list include Taiwan which came in ninth place and South Korea who took the tenth spot.
According to Sophos, China's dramatic rise in the chart is primarily due to widespread Mal/Iframe infections on Chinese hosted web pages. In fact, more than 80 percent of the country's compromised web pages are infected with this malware.
Another notable threat picked up by the security report was the growing trend for spammers to use PDF files carrying a graphical version of their marketing message, in an attempt to reach porential clients and to avoid detection by less sophisticated gateway filtering products.
Email threats continue to cause concern for businesses and, although they have become eclipsed by web-based threats, the actual amount of email-borne malware has remained constant during the past year. The proportion of infected email during the first half of 2007 was 1 in 337, or 0.29 percent of all messages. More than 8,000 new versions of the Mal/HckPk threat were seen during 2007, as it was used to disguise widespread email attacks like Dref and Dorf.
The full Sophos Security Threat Report, can be downloaded from:"www.sophos.com/securityreport" |
