
Sophos: Sharp increase in web-based malware this year


The number of malicious websites jumped dramatically during the first six months of this year, Sophos' midyear threat report shows.

Ron O'Brien, senior security analyst at Sophos, said on Wednesday that his firm first saw a jump in malicious sites this spring.

The number of websites Sophos was blocking jumped from about 5,000 per day a year ago to 29,700 by this spring, he said.

"Looking at the results," O'Brien said, "it's pretty obvious that without appropriate levels of security, the web is not a safe place to play."

O'Brien said that when Sophos took a "snapshot" of a million websites, only about 20 percent did not contain some form of malware, inappropriate "adult" content such as pornography or gambling, or spam-related content. The breakdown: almost 29 percent hosted malware, 28 percent porn or gambling, and 19 percent spam.

Most of those are legitimate, mom-and-pop websites that have fallen victim to hackers, said O'Brien.

"This harks back to the time when everyone with a small business had to have a website and rushed to put up do-it-yourself websites," he said. "They don't do a lot to maintain those sites, and they have become a breeding ground for the malicious websites we found."

According to O'Brien, this rate of infection tells "owners and hosts of websites that they should do everything in their power to bring the situation under control."

Among the web-server software hosting malware, the open source Apache product was the most often compromised, according to the report. The fact that 51 percent of all infected websites run on Apache, while 43 percent run on Microsoft's Internet Information Server, indicates that infection is no longer just a Windows issue, Sophos noted.

The most common infection was what Sophos termed Mal/Iframe, which injects malicious code onto servers. This accounted for 49 percent of the infected URLs.

Sophos indicated that the Mal/Iframe infection "shows no sign of abating - in a recent attack, more than 10,000 web pages were infected, the majority on legitimate webpages hosted by one of Italy's largest ISPs."

China is easily the No. 1 host of malware-infected webpages, with 54 percent of all such pages on the web. The United States is second, with 27 percent, and Russia and Germany are a distant third and fourth, with 4.5 percent and 3.5 percent, respectively.

Sophos also noted the shift by cybercriminals to use PDF attachments with graphics in their spam emails, to avoid detection by less-sophisticated filtering products.

Hackers have begun taking advantage of Windows' "auto-run" capability to automatically execute malicious code when a removable flash drive is attached to the computer.

Examples of that method included the LiarVB-A worm, which spread information about AIDS and HIV via a USB key, and the Hairy worm, which claimed that the fictional Harry Potter character was dead.

Although web-based vulnerabilities have eclipsed them, email threats continue "to cause concern for businesses," said Sophos. The company saw more than 8,000 new versions of the Mal/HckPk threat used to disguise widespread email attacks, such as Dref and Dorf.

Click here to email West Coast Bureau Chief Jim Carr .
