Malicious code rise driven by web
The number of new pieces of malicious software has doubled in the last
year with the web being used increasingly to distribute the code, a
report says. In the first quarter of 2007, security firm Sophos
identified 23,864 threats, up from 9,450 on this time last year.
In the same period the firm said it was identifying 5,000 web pages per
day infected with so-called malware.
The report was released during InfoSec, Europe's largest conference on
online security issues, in London.
"With computer users becoming increasingly aware of how to protect
against email-aware viruses and malware, hackers have turned to the
web as their preferred vector of attack," said the report.
Legitimate sites
Sophos reported that 70% of infected websites were legitimate sites
hijacked by hackers because they had not been sufficiently protected.
Visitors to websites -- even legitimate sites -- can protect
themselves by ensuring they have up-to-date virus and anti-spyware
software installed.
"What's most worrying is that so many websites are falling victim
because the owners are failing to properly maintain them," said
Carole Theriault, Sophos.
Search engine Google will warn users if they are visiting a website
which is known to have malware hidden on it.
While malware is a growing problem for users of Windows operating
systems, there is little evidence of the problem affecting users of
Apple Macs running OS X or PCs installed with Linux.
Sophos cited the example of the Miami Dolphins official website which
was hijacked in the week of the SuperBowl and was infected with
malicious script.
The code exploited Microsoft security vulnerabilities to install
malware located on a Chinese server on to visitors' computers.
"What's most worrying is that so many websites are falling victim
because the owners are failing to properly maintain them and keep up
to date with their patches," said Carole Theriault, senior security
consultant at Sophos.
"The average internet user assumes sites like the Miami Dolphins
homepage are safe to access, but by targeting a whole range of
internet pages, hackers are successfully infecting a larger number of
unwary surfers. Any ill-maintained website can fall victim."
According to the report, China hosts more than 40% of all websites
containing malware. The United States hosts almost 30% of all sites,
while the UK has 3% of the sites.
'Bad reputation'
"China has traditionally had a bad reputation when it comes to
cybercrime, consistently coming in the top two spam relaying countries
month after month, so its position in this chart should come as no real
surprise," said Ms. Theriault.
Now, 'Two for the price of one'
In a separate report, security firm MessageLabs warned that it was
beginning to see e-mails which were _both spam and contained a virus._
"While the cyber-criminals have long used e-mail viruses to create
botnets to send spam, this is the first time MessageLabs has seen
viruses hidden within stock scam spam," the firm reported.
Spammers sent out millions of fake stock e-mails in an attempt to
influence the price of stock so it rises and can then be sold at a
profit by the fraudsters. It is a practice known as "pump and dump".
"Why use two emails when just one will do? These latest techniques are
part of a new boldness being shown by certain criminal gangs we are
tracking," said Mark Sunner, chief security analyst at MessageLabs.
Story from BBC NEWS:
http://news.bbc.co.uk/go/pr/fr/-/2/hi/technology/6591183.stm
Copyright 2007 BBC.
NOTE: For more telecom/internet/networking/computer news from the
daily media, check out our feature 'Telecom Digest Extra' each day at
http://telecom-digest.org/td-extra/more-news.html . Hundreds of new
articles daily. And, discuss this and other topics in our forum at
http://telecom-digest.org/forum (or)
http://telecom-digest.org/chat/index.html
For more news and headlines, please go to:
http://telecom-digest.org/td-extra/BBC.html
[TELECOM Digest Editor's Note: Indeed, why make two efforts at mass
mailing spam/scam when it can all be done in one mailing. I've
received a few of those; spam/scam/viri wrapped up all in one jumbo
package. Whoever thought of this time and money-saving technique of
doing it all at once deserves our special commendation (or would you
say damnation). A special, reserved spot in Hell, eh? PAT]