IBM reports huge rise in malicious links

Malicious links are becoming the scourge of internet users

The number of links to malicious web pages rocketed by over 500 per cent in the first half of this year, as hackers looked to snare unsuspecting users wherever they go on the internet, according to new IBM research.

The firm's X-Force 2009 Mid-Year Trend and Risk Report found that malware writers are using increasingly sophisticated ways to infect users, including compromising legitimate sites and posting malicious links on blogs and social networking pages.

"It seems there's an increasing instance of URLs linked to malicious sites in trusted sites like social networks, because people are much more likely to follow links on these sites," said James Rendell, senior technology specialist at IBM X-Force.

On the web application side, hackers are favouring SQL injection and cross site scripting attacks to infect visitors to legitimate sites which have been hacked with data-stealing Trojans. SQL attacks rose 50 per cent from fourth quarter of 2008 to the first quarter of 2009, and then nearly doubled from the first to the second quarter this year.

Just yesterday, it was reported that a single SQL attack had compromised more than 50,000 sites.

IBM also reported a rise in the number of obfuscated attacks against web browser vulnerabilities in order to circumvent detection by conventional tools.

The report noted a 100 per cent increase in the volume of these attacks between the first and second quarters of 2009, with PDF exploits particularly prevalent as hacking methods get more sophisticated, Rendell said.

Phishing has decreased dramatically this year, according to the report, but there will be no comfort for banking and other targeted institutions as IBM believes that customised data-stealing Trojans are increasingly being used to do the same job more effectively. Driven by this new trend, Trojans comprised 55 per cent of all new malware in the first half of the year, IBM said.

Finally, the growth in new vulnerabilities appears to have slowed somewhat. The actual volume of newly found vulnerabilities dropped eight per cent compared to the first half of 2008, but nearly half are still going unpatched by vendors, according to Rendell.

"Web application framework vendors feature strongly among those with unpatched vulnerabilities," he added. "In terms of overall disclosures Apple is first, but this is not in any way reflective of the quality of the software, just that the firm is being diligent in releasing patches and disclosing vulnerabilities."