The Current Climate of Web-Based Malware Threats

by Christopher on November 27, 2011

The internet is becoming more hazardous to daily users, even those who take care to avoid the sort of websites typically associated with malware infections. In fact, malware infections are now considerably more likely to occur by visiting a compromised legitimate website than by opening a web page created to deliver malware, according to the MessageLabs Intelligence 2010 Annual Security Report. Last year, MessageLabs found 42,926 domains spreading malicious software, most of which were legitimate sites.

Commtouch’s Q4 2010 Internet Threats Trend Report outlines the types of sites most often compromised with malware. Pornographic sites are the perennial leader in this respect, followed by parked domains, computers and technology sites, business sites, and then education sites. The report also identifies the sites that have recently been most often compromised with phishing ploys. Gaming sites lead in this respect, with shopping sites, health and medicine sites, computer and technology sites, and business sites rounding out the top five.

Malware spreading through peer-to-peer (P2P) websites that facilitate content and file sharing is a leading threat heading into 2011. In the second half of 2010, 3.2 million malware attacks were launched each month from P2P platforms, notes the Outcomes for 2010 and Predictions for 2011 report issued by Kaspersky Lab. The types of web-based threats spreading via P2P networks are practically all-encompassing: file viruses, a variety of worms, SMS fraud programs, backdoors, and rogue AV software are all being seen in this context.

We’re also currently seeing a spike in ploys that trick internet users into downloading malicious software themselves. This has prompted cyber-criminals to make further use of blackhat SEO techniques, disruptive ads, and unwanted redirects to bring traffic to sites that deliver the infection.

The Koobface malware, whose name is a play on “Facebook,” is a current notable example of threats that trick users into downloading the infection. Commonly, victims receive a message from a friend on Facebook alerting them to a video posted on Blogger in which they supposedly appear. Anxious to see themselves, users follow the link to Blogger, unaware that the message is inauthentic and originates from a friend’s hacked Facebook account. To see the video, the victim is prompted to download a necessary plug-in, which contains the Koobface malware.

One particularly alarming new threat, especially to industrial companies, is malware like the recent Stuxnet worm. Such malware has been targeting programmable logic controllers (PLCs), which are computers that operate the automated functions of electromechanical processes. The Stuxnet worm is the most significant web-based attempt at industrial sabotage we’ve seen, and the implications are quite dire, even posing very real threats to worker safety.

Also disturbing is the breakdown in 2010 of the guarantees associated with digital signatures and digital certificates, notes the Kaspersky Lab report. The former attest to the legitimacy of a message and its sender, while the latter establish the credentials of parties involved in web-based transactions. Currently, cyber-criminals are demonstrating the ability to create or obtain (legally or illegally) these online assets. The uses are varied and dangerous, compromising online transactions and facilitating fraud, as well as providing ways to fool and bypass the security measures in place on web-based applications.

The Kaspersky Lab report also identifies a key threat to watch for now, which it dubs Spyware 2.0. More sophisticated malware is already being employed with the one goal of illegally obtaining any and every piece of information possible, and this threat promises to increase in the foreseeable future. This new class of spyware indiscriminately steals all private information it gains access to, be it user names and passwords, financial data, contact lists, proprietary secrets, or anything else. Of course, the uses for this information vary, but all of it can be used for a cyber-criminal’s financial gain. The consequences of such malware infections can be ruinous for an individual or a company, with the latter possibly being exposed to major public relations nightmares and legal action.

The current climate of web-based threats is certainly not a pleasant one. And from the looks of things, it will continue to get worse before it gets better. One disturbingly clear fact is that we can no longer rely solely on our common sense to avoid malware and other online threats, as they are now lurking on legitimate sites across the web. This underscores the need for up-to-date information and for advanced, state-of-the-art malware protection.

Posted in: Malware
