Sophos – Malware Infects New Website in Every 3.6 Seconds

Sophos, which has just issued its Security Threat Report for July 2009, points out that the single largest online threat during January-June 2009 were from infected websites, and the mediums through which this threat had grown most effectively were social networking and Web 2.0 technologies.

The report said - there were about 23,500 infected web-pages identified every day, in other words, a new infected page discovered every 3.6 seconds. This rate of infection was more rapid than it had been during January-June 2008 when there was a freshly identified infected site every 4.5 seconds, said Manager Richard Wang at Sophos Labs (US), as reported by SCMagazine on July 22, 2009.

Wang added that compromised websites were likely to be the most frequent threat faced by people.

In the recent months, there have been frequent alerts from security companies about multiple hijacking of websites in the successive Gumblar, Beladen and Nine-Ball attacks. All the three attacks reported to have compromised several thousand lawful websites through the injection of special code, which diverts users to malicious software, Sophos' investigators stated.

Another problem that causes organizations to increasingly worry about is attacks emerging from social-networking websites. Moving ahead, cyber criminals would go on experimenting with various methods based on Web 2.0 technology like developing code, which would effectively function from one end to another of a social network.

However, Graham Cluley, Senior Technology Consultant at Sophos, said that the above trend largely resulted from the social-networking websites' own insufficient security for the sites' users, as reported by SCMagazine on July 22, 2009.

Hence, security specialists are recommending that social networking service providers actively scan all messages that leave their sites in a more secure manner otherwise there could be more serious incidences of user account compromises along with customer identity theft.

Cluley said that social-networking websites now needed to mature up a bit, as reported by V3 on July 22, 2009. Cluley added that the sites had been extremely effective in drawing users, but it was time that they did some significant work in the background, with an approach to proactively halt spam, malware as well as identity theft.

Related article: Spike in Attacks Causes Early Release of Windows Patch

» SPAMfighter News - 8/10/2009