26 Apr 2007
Malware authors are shifting attack vectors from emails containing infected attachments to web pages embedded with malicious code, according to experts at Infosecurity Europe 2007.
Security firm Sophos is reporting that the traditional method of sending malware via attachment is now falling out of favour and that the authors can now bury the code in web pages and just send out links to that page.
"We are seeing an average of 5,000 infected web pages every day," said Graham Cluley, senior technology consultant at Sophos.
"Some days it goes as high as 20,000. Visit these sites, even if your browser is fully patched, and you run a risk of infection."
By exploiting vulnerabilities in the website server with a PHP attack or other technique, the malware author can embed code in the site with little chance of detection.
Around 70 per cent of infected web pages are contained in legitimate sites from established companies.
"It is not just porn or gambling sites that are risky," said Carole Theriault, senior security consultant at Sophos.
"They are appearing everywhere, even in gardening sites. Content is no longer an indicator to risk."
Something needs to be done about this!
Here's my 2 cents worth... Web pages containing harmful code are nothing new. However, I think there is something that can be done about it. It is surely incumbent upon the hosting companies (these malicious web pages/scripts have to live somewhere) not to allow malicious code to be hosted on their systems. There is usually (and should be) a statement in the hosting companies' terms and conditions/acceptable use policies that says something like 'uploaded content should not contain malicious code and any such activity will be investigated/reported to the relevant authorities'. Also, the hosting companies should have details of who these people that upload malicious code are in their records, so they could be caught that way. I'm sure any reputable hosting company would not want its systems used for fraudulent/criminal purposes, but unfortunately not all care about what data resides on their systems. If the company uses their own server in a datacenter, or on a home-office broadband connection, then it's a different matter. Even so, using the equipment for fraudulent/illegal activities could be in violation of the datacenter or ISP terms and AU policy.
Posted by: Mike 27 Apr 2007