Waiter, There's Malware in My Soup!

rated by 0 users
This post has 4 Replies | 0 Followers

Top 10 Contributor
Posts 26,085
Points 1,183,160
Joined: Sep 2007
News Posted: Thu, Jul 24 2008 2:21 PM

October might be officially National Cyber Security Awareness Month, but based on the online security reports that have come out this July, it appears that Cyber Security Awareness is being promoted a few months early this year. First McAfee released its report on the lack of security measures being taken by small and medium businesses  in the U.S. and Canada, and now security company, Sophos has just released its extensive snapshot of the state of worldwide, online security for the first half of 2008 with its Security Threat Report.

Based on the information collected by SophosLabs--which included receiving "approximately 20,000 new samples of suspect software every single day"--Sophos crunched the numbers on online security risks and came up with some pretty scary statistics, including the following:

  • A newly infected Webpage is discovered every five seconds
  • A new spam-related Webpage is discovered every 20 seconds
  • There are currently over 11 million different malware threats in existence
  • Presently, the biggest malware threat is from SQL injection attacks against Websites
  • The top host for malware is Blogsot.com

The report explains that "one of the reasons the web is so popular with attackers is that innocent sites can be compromised and used to infect large numbers of victims." These attacks target both the visitors to the sites as well as the sites themselves via SQL injection attacks. Earlier this year the RIAA's site was hacked via SQL injection, as was Kaspersky's Malaysian site earlier this week. More than half of the affected Web server software during the first half of 2008 were Apache servers.

 Credit: Sophos
Curiously, the percentage of malicious e-mail attachments is way down from this time last year. For the first half of 2007, Sophos reports that 1 out of every 332 e-mails contained a malicious attachment of some kind. For the first half of this year, that ratio is down to only one out of every 2500. Sophos warns, however, that one should not assume that e-mail is necessarily safer--malicious e-mails are now just using more sophisticated techniques, such as linking to infected Websites, targeted malware (including spear-phishing), and backscatter spam. Spam is frequently the doorway to malware, and Sophos states that "only one in 28 emails is legitimate."

Microsoft Windows is the most prolific platform and therefore is the most targeted for malware. But Sophos is seeing a growing trend of malware being targeted at other platforms, such as the Mac OS, Linux, iPhone, cell phones, and even social-networking sites. As users are less used to encountering malware on these other platforms, they are far less likely to take proactive approaches to protect themselves from potential malicious attacks.

The stakes are high; much of the malware is designed to gain access to data and resources that enable cyber criminals to generate income from illegal activity such as identify theft and DOS attacks. Our coverage here only skims the surface of the depth that the report covers--follow the link below to see the full report (requires free registration).

  • | Post Points: 35
Top 50 Contributor
Posts 2,617
Points 32,625
Joined: Oct 2005
Location: Minnesota, United States
ice91785 replied on Thu, Jul 24 2008 4:12 PM
All very interesting -- the funny part is that a lot of these attacks are done for thrill or out of spite towards a person/company and these attackers get no financial benefit in return.

I guess to me why waste your time if all you get in return in a smile on your own face? Think of the hours wasted in programming/coding along with methods of implementation of said code etc...I understand the business side of this but hey, whatever gets people through their days

  • | Post Points: 20
Top 25 Contributor
Posts 3,563
Points 54,725
Joined: Jul 2004
Location: United States, Massachusetts
Dave_HH replied on Fri, Jul 25 2008 10:06 AM
Very true... I wonder too. It's all a conspiracy theory for the security software companies to get rich. ;)

Editor In Chief

  • | Post Points: 20
Top 50 Contributor
Posts 2,617
Points 32,625
Joined: Oct 2005
Location: Minnesota, United States
ice91785 replied on Fri, Jul 25 2008 11:46 PM

BTW Dave, do you want to invest in IceAnti-virus 2015? Cool

  • | Post Points: 5
Top 50 Contributor
Posts 2,911
Points 24,625
Joined: Jul 2001
Location: United States, New York
digitaldd replied on Sun, Jul 27 2008 6:10 PM

The problem usually boils down to inexperienced admins who don't patch anything, and folks who refuse to update their back-end software for fear something will break. I guess another possibility is a rogue website that was created by someone that is not generally known about.

Once they get in there they put the malware that they use to infect client machines on those sites.

  • | Post Points: 5
Page 1 of 1 (5 items) | RSS