/v3-uk/news/1972428/web-site-owners-warned-growing-attacks
09 Dec 2008, Phil Muncaster, V3
Web site owners should accept more responsibility for securing their sites against attack, as Sophos has revealed today that it identified one new infected web page every four and a half seconds during 2008.
The security vendor's annual Security Threat Report found that many infections stem from legitimate sites being hacked, often via the increasingly popular SQL injection attack, in which malicious code is inserted into the database running a site.
Better patching and hardened web code will remove some of the risks, argued Sophos senior technology consultant Graham Cluley.
"Nowadays if you're running a web site of any size you're effectively a software publisher, because you're putting up things, perhaps in PHP, which may have vulnerabilities in them," he said.
"You must ensure that you take responsibility. You have to think differently if you're in e-commerce now."
Sophos also reported a five-fold increase in malicious email attachments during 2008, and predicted that hackers would increasingly attach "booby-trapped" versions of non-executable files like PDFs and Word documents, because users are more likely to open them.
Sophos also "named and shamed" the US for being the number-one host of malware, at 37 per cent, and being home to the largest number of spam-sending PCs.
"When the internet community gets together [as with McColo] things seem to get better for all of us," he said. "But the main problem is the home user population [in the US] is poorly protected, so we need better education of home users and businesses."
Consumers and Business commerce alike
This is not only a problem for consumers as, in the modern economy, the vast majority of an organisation's transactions are web-based at some point, whether directly or indirectly. Organisations are naïve to think that their business partners' websites are safe. As the article discusses, any malware planted there turns a trusted website into a harmful portal.
The infection of benign code from legitimate websites will be one of the biggest IT security threats of 2009. In addition to checking code for their own sites, a healthy New Year's resolution for organisations would be to conduct a vulnerability assessment and to protect the perimeters of their network - inbound and outbound, so that such attacks can be detected and stopped.
By Martin Blackhurst, Product Manager, Redstone Managed Solutions
Posted by Martin Blackhurst, 23 Dec 2008