The Current Climate of Web-Based Malware Threats

by Christopher on November 27, 2011

The internet is becoming more hazardous to daily users, even those who take care to avoid the sort of websites typically associated with malware infections. In fact, malware infections are now considerably more likely to occur by visiting a compromised legitimate website than by opening a web page created to deliver malware, according to the MessageLabs Intelligence 2010 Annual Security Report. Last year, MessageLabs found 42,926 domains spreading malicious software, most of which were legitimate sites.

Commtouch’s Q4 2010 Internet Threats Trend Report outlines the types of sites most often compromised with malware. Pornographic sites are the perennial leader in this respect, followed by parked domains, computers and technology sites, business sites, and then education sites. The report also identifies the types of sites that have most often been compromised with phishing ploys recently. The leading category in this respect is gaming sites, with shopping sites, health and medicine sites, computer and technology sites, and business sites rounding out the top five.

Malware spread among peer-to-peer (P2P) websites that facilitate content and file sharing is a leading threat heading into 2011. In the second half of 2010, 3.2 million malware attacks were launched each month from P2P platforms, notes the Outcomes for 2010 and Predictions for 2011 report issued by Kaspersky Lab. The types of web-based threats spreading via P2P networks are practically all-encompassing: file viruses, a variety of worms, SMS fraud programs, backdoors, and rogue AV software are all being seen in this context.

We’re also currently seeing a spike in ploys to get internet users to unwittingly download malicious software of their own volition. This has prompted cyber-criminals to further employ blackhat SEO techniques, disruptive ads, and unwanted re-directs to bring traffic to sites of infection.

The Koobface malware, whose name is a play on “Facebook,” is a current notable example of threats that trick users into downloading the infection. Commonly, victims received a message from friends on Facebook alerting them to a video posted on Blogger in which they were shown. Anxious to see themselves, users would follow the link to Blogger, unaware the message was inauthentic and originating from a friend’s hacked Facebook account. To see the video, the victim was prompted to download a necessary plug-in, which contained the Koobface malware.

One particularly alarming new threat, especially to industrial companies, is malware like the recent Stuxnet worm. Malware of this kind has been targeting programmable logic controllers (PLCs), which are computers that operate the automated functions of electromechanical processes. The Stuxnet worm is the most significant web-based attempt at industrial sabotage we’ve seen, and the implications are quite dire, even posing very real threats to worker safety.

Also disturbing is the breakdown in 2010 of the guarantees associated with digital signatures and digital certificates, notes the Kaspersky Lab report. The former attest to the legitimacy of a message and its sender, while the latter establish the credentials of parties involved in web-based transactions. Currently, cyber-criminals are demonstrating the ability to create or obtain (legally or illegally) these online assets. The uses are varied and dangerous, compromising online transactions and facilitating fraud, as well as providing ways to fool and bypass the security measures in place on web-based applications.

The Kaspersky Lab report also identifies a key threat to watch for now, which it dubs Spyware 2.0. More sophisticated malware is already being employed with the one goal of illegally obtaining any and every piece of information possible, and this threat promises to increase in the foreseeable future. This new class of spyware indiscriminately steals all private information it gains access to, be it user names and passwords, financial data, contact lists, proprietary secrets, or anything else. Of course, the uses for this information vary, but all of it can be used for a cyber-criminal’s financial gain. The consequences of such malware infections can be ruinous for an individual or a company, with the latter possibly being exposed to major public relations nightmares and legal action.

The current climate of web-based threats is certainly not a pleasant one. And from the looks of things, it will continue to get worse before it gets better. One disturbingly clear fact is that we can no longer rely solely on our common sense to avoid malware and other online threats, as they are now lurking on legitimate sites across the web. This underscores the need for up-to-date information and for advanced, state-of-the-art malware protection.


Malware threats, a leading concern in the internet security industry, are on the rise. To make matters worse, the types of malware infecting home and business computers are evolving, as are the methods by which they are transmitted. According to web security company Kaspersky Lab, the count of recorded malware incidents hit a new record at 1.5 billion in 2010. About one-third of these occurred via browser attacks, while others came through email spam, network attacks, and software vulnerabilities.

Peer-to-peer networks have become a notable source of malware transmission. In fact, Kaspersky Lab identifies them as the second-most common source of malware infections, following only browser attacks. The threats coming from this arena are diverse and include Trojans and file viruses, worms, rogue AVs, and backdoors. Internet security firm Cisco recently pointed out that malware attacks on the three leading P2P networks, eDonkey, BitTorrent, and Gnutella, were increasing significantly.

Kaspersky Lab realized the P2P malware threats were becoming an epidemic when recorded incidents hit 2.5 million in March of 2010. By year’s end, the number of monthly attacks reached 3.2 million. It’s worth noting, however, that these numbers aren’t inclusive of Trojans and file viruses, putting the estimate for the actual number of P2P-based malware incidents up to 10 million per month. Kaspersky Lab points to Internet Explorer as particularly vulnerable, as well as programs that operate in conjunction with browsers, such as Adobe Reader and Flash Player.

As for the number one source of malware threats today, attacks via internet browsers, Kaspersky Lab recorded more than 580 million incidents in 2010. This was an astonishing leap from 2009 numbers, when there were 73.6 million such attacks. Considering there were only 23.6 million malware attacks via browsers in 2007, an alarming trend has certainly been established.

Moreover, spammers and scammers are currently making ample use of social networking sites, particularly Facebook and Twitter, and fraudulent partner programs to spread a variety of malware threats. Notorious botnets, including Koobface, Bredolab, ZeuS, Mariposa, Sinowal, TDSS, and Black Energy 2.0, launched attack after attack, spreading worms to millions of computers each time. Some of these botnets were the first to infect 64-bit platforms with malware. This was often accomplished by taking advantage of zero-day vulnerabilities, or weaknesses in new software that have not yet been discovered by programmers.

While these are some of the more noteworthy malware threats in the internet security landscape today, cyber criminals and spammers are constantly finding new avenues to infect computers across the globe. The rising trend in spreading malware to cell phones and PDAs is also alarming. Androids and iPhones have proven vulnerable to malware and spyware infections lately. The ever-changing nature of malware threats, combined with the perpetually increasing ways in which they can be propagated, necessitates the most current virus protection and spam filtering.


Recent Spam Malware Trends and the Death of Osama bin Laden

April 17, 2011

It’s common practice for spammers and cybercriminals to incorporate major current event headlines into the subjects and bodies of their unsolicited bulk email messages. The tactic appeals to the recipient’s curiosity and desire to remain informed about the latest happenings around the world. Often, spam attempts to lure people to websites selling software or other […]


Malware Sent Via Spam Email Messages is on the Rise

April 13, 2011

While spam is widely regarded as mostly a nuisance, the malicious ways in which it is employed are continually expanding and evolving. A growing concern among email security companies is the inclusion of malware in spam email messages. In 2010, 2.2 percent of all email contained a malicious attachment, on average, as reported by web […]


A Global View of Malware Threats: Which Countries Spread Them and Which Countries are Victimized?

March 11, 2011

In 2010, internet security firm Kaspersky Lab recorded 580.3 million browser-based malware attacks. As malware threats continue to rise, attacks made via vulnerabilities in web browsers and the programs that run with them, such as PDF readers and media players, are the leading avenue of infection. Approximately one in three malware attacks are committed in […]
