Architecture, Application Security

Finjan: Developed countries host the most malware

March 28, 2007

Malicious code is more likely to be hosted on local servers in the United States and United Kingdom than in countries with less developed law enforcement policies, according to the latest report from Finjan.

The report claimed hackers are also using increasingly sophisticated techniques, including embedding malicious software within legitimate content, such as ad delivery or translation services, and operating in regulated countries, with more than 90 percent of malicious URLs uncovered on servers located in the U.S. and U.K.

"The results of this study shatter the myth that malicious code is primarily being hosted in countries where e-crime laws are less developed," said Yuval Ben-Itzhak, Finjan CTO. "Unfortunately this means that the traditional location-based reputation heuristics are decreasingly effective against modern attacks."

The research analyzed more than 10 million unique URLs in the U.K. and found that more than 80 percent of the malicious code detected by the vendor was obfuscated, making it easier to avoid detection in pattern- or signature-based anti-virus filters.

Advertising is the type of content holding the most web addresses with malicious programs — 80 percent of all — according to the study. Malicious software is expected to be found on legitimate websites as much as disreputable pages, such as pornography or free downloads.

"The fact that malicious code is just as likely to be found in legitimate categories as in questionable types means that security products that rely solely on URL groups to block access to malicious sites are no longer effective," said Ben-Itzhak.

A recent study from Sophos showed that the U.S. is still the world’s leader in spam production, accounting for 22 percent of the world’s junk email.

 

 

Looking for a new job? SC Magazine has the latest IT security employment opportunities. Click here for our Jobs page.

prestitial ad