A click away from infection

As more businesses put solutions in place to defend against traditional vectors of attack, such as infected e-mail attachments, cyber-criminals are honing their approach, explains Brett Myroff, CEO of Sophos distributor Netxactics.

"A new infected Web page is found and blocked by Sophos every 14 seconds, showing that the latest tactic is to e-mail links to infected Web pages in sophisticated socially engineered e-mails, as well as using Web ads and other marketing ploys to get victims to their sites," he explains.

Legitimate Web sites are increasingly being targeted by hackers to host malware in an attempt to circumvent conventional security measures and trick unwary users, he says.

A recent example of this was the "Secret Crush" application on Facebook. "Once a user installs the app, it downloads adware onto the PC. Users are directed to an external Web site, which invites them to download potentially unwanted applications that will display pop-up advertising. These third-party widgets are not written by Facebook, and can result in the careless sharing of personal information with strangers or risking your computer's security," Myroff says.

This week also saw a number of Trojan horses and worms making an appearance. Troj/SmallDl-AB, Troj/Dloadr-BFY and Troj/BHO-ER are affecting Windows users, says Myroff.

Furthermore, the W32/Traxg-N worm is also making the rounds, and spreading via peer-to-peer networks. It affects the Windows OS and the main side effect includes installing itself in the registry.

"VBS/Autorun-AU, a Visual Basic worm for the Windows platform, is spreading via removable storage devices and also installs itself in the registry."

He adds: "A key concern for computer users, however, remains the rate at which Web threats are propagating. Organisations need to look at a solution that takes the guess work out of security, by automatically identifying and protecting against threats before they impact operations."

Facebook also remains a risk as far as dangers entering the workplace are concerned. "Companies need to set policies regarding Facebook usage, and implement an appropriate Web security solution."