Symantec - Corporate Websites Used to Distribute Malware
The Symantec researchers state that there has been a dramatic rise in the volume of web-based threats across the Internet. In 2008, web attacks were launched from 8,08,000 distinct domains, with mainstream company websites being their prime targets.
According to Shantanu Ghosh, VP for Product Operations at Symantec (India), initially, viruses and malware were distributed through adult material, pirated software and gaming websites, but now the same is done through corporate websites that are more legitimate, as reported by The Economic Times on March 12, 2009.
Besides, the study also reveals that some of the recent attacks are made by SQL injections into mainstream websites. These attacks involve changes in the websites' source codes to insert commands that enable the attacker to gain control over the sites. Third-party advertisements or 'malvertisements' are also popularly used to divert end-users to malicious websites. Notably, in one instance, the Embassy of the Republic of Azerbaijan in Pakistan and Hungary has been controlled by the hackers who compromised it for infecting visitors with malware.
Commenting on this point, Vishak Raman, Regional Director of Fortinet (India), a threat management firm, said that Indian corporations were being increasingly targeted with malware attacks on their websites, as reported by The Economic Times on March 12, 2009. During January 2009 alone, an aggregate of 291 Indian corporate websites had been defaced. Out of these, 76% had been e-commerce sites like auction sites or those belonging to online retailers, while 24% had been sites for financial services, Raman said.
Meanwhile, organizations are facing another menace i.e. spam. Previously, staff members used to receive 2-3 spam mails per day, but now that has increased to 200-300 per day.
As a result, organizations have increased their expenditure on IT security. Even then, cyber criminals continue to target corporate sites. According to the security researchers, the situation may get worse as these attacks are expected to grow in the coming days since IT security expenditure in 2009 is going to be flat owning to the economic recession.
» SPAMfighter News - 20-03-2009