Hackers step up website attacks

Trend Micro has warned that hackers are intensifying attacks on legitimate websites to spread malware.

The security firm's 2007 Threat Report and 2008 Forecast debunked the myth about "not visiting questionable sites". Just because a user visits a gambling or adult-content site does not necessarily mean that web threats are lurking in the shadows.
But legitimate sites with the latest sports news, or links in a search engine result, could potentially infect visitors with malware.

Trend Micro explained that an underground malware industry has carved itself a thriving market by exploiting the trust and confidence of web users.

The Russian Business Network, for example, was notorious last year for hosting illegal operations including child pornography, phishing and malware distribution.

Apple also had to contend with the Zlob gang, proving that even alternative operating systems are not safe havens for the online user.

'Gromozon', malware disguised in the form of a rogue anti-spyware security application, also made its mark in 2007.

The Storm botnet expanded in scope last year, and Trend Micro researchers found proof that the botnet is renting its services to host fly-by-night online pharmacies, pump-and-dump scams, and even portions of its backend botnet infrastructure.

The most popular communication protocol among botnet owners during 2007 was still Internet Relay Chat, possibly because software to create IRC bots is widely available.

Such bots are easily implemented and at the same time movement to encrypted P2P is being used and tested in the field.

Trend Micro found that nearly 50 per cent of all threat infections came from North America last year, but that Asian countries are also experiencing a growth. Around 40 per cent of infections stem from that region.

Social networking communities and user-created content such as blog sites became infection vectors due to attacks on their underlying web 2.0 technologies, particularly cross-site scripting and streaming.

Infection volumes nearly quadrupled between September and November 2007, indicating that malware authors took advantage of the holiday seasons to send spam or deploy spyware while users were shopping online.

Based on the emerging trends of this year, Trend Micro forecasts that legacy code used in operating systems, and vulnerabilities in popular applications, will continue to be attacked in an effort to inject in-process malicious code.

Criminals can exploit this code to run malware in efforts to breach computer and network security and steal confidential and proprietary information.

High-profile sites will continue to be the most sought-after attack vectors by criminals to host links to phishing and identity theft code.

These sites include social networking, banking/financial, online gaming, search engines, travel, commercial ticketing, local government, news, jobs, blogs, and ecommerce sites for auctions and shopping.

Communication services such as email, instant messaging and file sharing will continue to be abused by content threats such as image spam and malicious URLs.

Data protection and software security strategies will become standard in the commercial software lifecycle due to the increasing high-profile incidents, Trend Micro believes.

This will also put a focus on data encryption technologies during storage and transit, particularly in the vetting of data access in the information and distribution chain.