Web-based Malware Predominates Cyber Attackers’ Preference

Hackers are progressively turning to the Web for spreading their malware, discarding the old e-mail technique, according to recent statistics.

Sophos' latest report indicates that there were 245,790 web pages in April 2007 that hosted malicious programs, while the number of infected web pages per day on average was 8,193.

Security experts at Sophos relate this to Mal/Iframe, the threat that has been overriding all others in March 2007. The threat comprised of almost 50% of all the global web attacks. The attack exploits security holes on authentic sites in order to plant malicious software onto its pages. When users visit these sites they make way for the malware to infect their systems.

The list of top ten malware threats that spread through the Web in April 2007 included Mal/Iframe -(44.7%), JS/EncIFra -(19.7%), Troj/Fujif -(10.0%), Troj/Psyme -(8.7%), Troj/Decdec -(5.3%), Troj/Ifradv -(4.0%), Mal/Packer -(1.0%), Mal/FunDF -(0.7%), Mal/ObfJS -(0.5%), Mal/Behav (0.4%), and Others -(5.0%).

Mal/Iframe was predominant in the web-based malware list in April this year. It accounted for half of total web threats across the world. Iframe malware seeks vulnerabilities on actual websites to inject malicious code onto them. The corrupted site also infects the visitors who may not have web security, firewall or patches on their computers.

The attacks that use Iframe malware generating the maximum web threat, targets flawed sites, said Carole Theriault, senior security consultant at Sophos. SCMagazine reported this, May 3, 2007. The cleverly designed e-mail offers lures the innocent users to compromised web pages. Therefore, web security needs to do much more than just blocking malevolent websites.

The research reveals that Sophos has detected 56% of infected websites in China and Hong Kong in April 2007. Compared to the previous month, the increase was 20%. According to the report this was because China hosted a bulk of websites without being patched against the Iframe malware.

Sophos published another report on April 24, 2007, which said that malicious code - increasingly residing in web pages - was more than two-fold in 2006. During the first three months of 2007, anti-malware firm Sophos detected 23,864 new threats that doubled the 9,450 figures as per Sophos' estimates in Q1 2006.

Related article: Web Browsers Too Have Security Exploits

» SPAMfighter News - 5/9/2007