/v3-uk/news/1998813/malware-authors-cut-attachments
26 Apr 2007, Iain Thomson, V3
Malware authors are shifting attack vectors from emails containing infected attachments to web pages embedded with malicious code, according to experts at Infosecurity Europe 2007.
Security firm Sophos is reporting that the traditional method of sending malware via attachment is now falling out of favour and that the authors can now bury the code in web pages and just send out links to that page.
"We are seeing an average of 5,000 infected web pages every day," said Graham Cluley, senior technology consultant at Sophos.
"Some days it goes as high as 20,000. Visit these sites, even if your browser is fully patched, and you run a risk of infection."
By exploiting vulnerabilities in the web server, through a PHP attack or another technique, the malware author can embed code in the site with little chance of detection.
Around 70 per cent of infected web pages are contained in legitimate sites from established companies.
"It is not just porn or gambling sites that are risky," said Carole Theriault, senior security consultant at Sophos.
"They are appearing everywhere, even in gardening sites. Content is no longer an indicator to risk."
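The article's point is that the injected code sits inside otherwise legitimate pages, so content category tells a visitor nothing. The check below is an added example, not code from Sophos or V3: a small heuristic scanner a site owner might run over their own pages to spot the kind of tampering described (a hidden iframe, a script pulled from an off-site host, or an obfuscated inline script). The sample page, the `SITE_HOST` value and the `injected.invalid` host are all constructed for the example.

```python
"""Heuristic scan of a web page for signs of injected content.

Added example for this article, not Sophos's or V3's code. The sample page
and hosts are constructed. The heuristics (hidden iframes, off-site script
sources, obfuscated inline script) are deliberately simple and will produce
both false positives and misses on real sites; they illustrate the kind of
tamper check a site owner can run, not a complete detector.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Host of the site being checked (constructed). Scripts loaded from any other
# host are reported for review.
SITE_HOST = "www.example-gardening.test"

# Inline CSS that hides an element entirely.
HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)

# Common obfuscation signals in inline script: eval/unescape calls or long
# runs of %XX / \xXX escapes.
OBFUSCATION = re.compile(
    r"\beval\s*\(|\bunescape\s*\(|(?:%[0-9a-f]{2}){8,}|(?:\\x[0-9a-f]{2}){8,}",
    re.I,
)


class InjectionScanner(HTMLParser):
    """Collects (kind, detail) findings while parsing one HTML document."""

    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host
        self.findings = []
        self._in_script = False
        self._script_buf = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "iframe":
            width = (a.get("width") or "").strip()
            height = (a.get("height") or "").strip()
            style = a.get("style") or ""
            # A zero- or one-pixel iframe, or one hidden by CSS, has no
            # legitimate reason to be visible to the reader.
            if width in ("0", "1") or height in ("0", "1") or HIDDEN_STYLE.search(style):
                self.findings.append(("hidden-iframe", a.get("src", "")))
        elif tag == "script":
            src = a.get("src")
            if src:
                host = urlparse(src).hostname
                # Relative URLs have no host and are treated as same-site.
                if host and host != self.site_host:
                    self.findings.append(("offsite-script", src))
            else:
                # Inline script: buffer its body until the closing tag.
                self._in_script = True
                self._script_buf = []

    def handle_data(self, data):
        if self._in_script:
            self._script_buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._in_script:
            self._in_script = False
            body = "".join(self._script_buf)
            if OBFUSCATION.search(body):
                self.findings.append(("obfuscated-inline-script", body[:40]))


def scan_page(html, site_host=SITE_HOST):
    """Return a list of (kind, detail) findings for one page's HTML."""
    scanner = InjectionScanner(site_host)
    scanner.feed(html)
    scanner.close()
    return scanner.findings


# Constructed sample: a legitimate gardening page with two injected elements.
SAMPLE_PAGE = """<html><head><title>Spring planting guide</title>
<script src="/js/menu.js"></script></head>
<body><h1>Spring planting guide</h1><p>Sow seeds after the last frost.</p>
<iframe src="http://injected.invalid/x.html" width="0" height="0"></iframe>
<script>document.write(unescape('%3C%69%66%72%61%6D%65%20%73%72%63%3D'));</script>
</body></html>"""

if __name__ == "__main__":
    for kind, detail in scan_page(SAMPLE_PAGE):
        print(f"{kind}: {detail}")
```

Run against a site's own pages on a schedule and diff the findings against a known-good baseline; a hidden iframe or an unfamiliar off-site script appearing on a page that had none is the signal worth investigating, since the page content itself will look entirely normal.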
Something needs to be done about this!
Here's my 2 cents worth...
Web pages containing harmful code are nothing new. However, I think there is something that can be done about it. It is surely incumbent upon the hosting companies (these malicious web pages/scripts have to live somewhere) not to allow malicious code to be hosted on their systems. There is usually (and should be) a statement in the hosting companies' terms and conditions/acceptable use policies that says something like 'uploaded content should not contain malicious code and any such activity will be investigated/reported to the relevant authorities'.
Also, the hosting companies should have details of who these people that upload malicious code are in their records, so they could be caught that way. I'm sure any reputable hosting company would not want its systems used for fraudulent/criminal purposes, but unfortunately not all care about what data resides on their systems.
If the company uses their own server in a datacenter, or on a home-office broadband connection, then it's a different matter. Even so, using the equipment for fraudulent/illegal activities could be in violation of the datacenter or ISP terms and AU policy.
Posted by Mike, 27 Apr 2007