Sophos Reports Trends In Viruses, Spyware, & Spam

Wednesday, August 1, 2007

The first half of 2007 has seen an explosion in threats spread via the web, which has now taken over from email as the preferred vector of attack for financially motivated cybercriminals. Indeed, in June alone Sophos’s global network of monitoring stations uncovered a record number of new infected webpages – approximately 29,700 – each day. In contrast, earlier in 2007, the number of malicious pages detected stood as low as just 5,000 per day. Sophos blocks access to millions of webpages to protect customers from malware and inappropriate content. Taking a snapshot of just one million of those blocked webpages, experts found the following distribution:

[Image: million-snapshot-tn.jpg]

Of the websites containing malicious code, just one in five had been designed specifically for malicious activity, with the remaining 80% made up of legitimate sites that have fallen victim to hackers.

By compromising a single file on a web server, cybercriminals can easily and quickly cross-contaminate a huge number of websites, as the infected file may form part of a plethora of unrelated pages, all of which are published from the same server. The breakdown of the world’s top server types affected by web threats in the first six months of 2007 reads as follows:

[Image: web-server-tn.jpg]

The top ten list of web-based malware hosted on these infected sites during the first six months of 2007 reads as follows:

[Image: web-malware-0707-tn.jpg]

Mal/Iframe, which works by injecting malicious code onto web pages, dominates this chart, accounting for almost half of the world’s infected URLs. Furthermore, it shows no sign of abating – in a recent potent attack, more than 10,000 web pages were infected, the majority of them legitimate webpages hosted by one of Italy’s largest ISPs…

The first half of 2007 has seen cybercriminals using attachments in spam messages. To avoid detection by less sophisticated gateway filtering products, there is a growing trend for spammers to use PDF files carrying a graphical version of their marketing message, in their attempt to reach potential customers. Hackers have also taken advantage of users who have “auto-run” enabled on their Windows PC to automatically execute malicious code as soon as an infected removable flash drive is connected to the computer. Notable examples this year were the LiarVB-A worm which spread information about AIDS and HIV via USB keys, and the Hairy worm which claimed that teen wizard Harry Potter was dead. However, neither threat became widespread and both could be protected against using up-to-date anti-virus software at the desktop…

Reference : http://www.sophos.com/pressoffice/news/articles/2007/07/securityrep.html
