
Malware accelerates


Johannesburg, 12 Sep 2008

Sophos issued its Threat Report for the first half of this year, earlier in the week. The report notes that financially motivated criminals are creating and spreading new malicious code at an accelerated rate.

According to the independent testing organisation av-test.org, there are now over 11 million unique malware samples in its collection. Many of these samples are Trojan horses, designed to silently steal information from computer users or to compromise their PCs and take control of them.

Some highly crafted viruses are reminiscent of the deliberately complicated malware of the early 1990s, such as complex polymorphic viruses, which go to great lengths to try to avoid detection by anti-virus software.

"This 'conveyor belt' of computer crime has led to masses of new malware being pumped out onto the Internet every day, in the hope that some of it might slip past innocent users' anti-virus defences, and make them the next victims," says Brett Myroff, CEO of regional Sophos distributor, Sophos South Africa.

"Once again, increased flexibility in working practices, new and more complex operational threat methods, and a raft of new scams have continued to place a heavy burden on businesses, and the threat landscape remains challenging for the months ahead."

One of the major headline grabbers of the first half of 2008 is SQL injection attacks, which exploit security vulnerabilities to insert malicious code (in this case script tags) into the database behind a Web site. "The attack works when user input, for instance on a Web form, is not correctly filtered or checked and unexpectedly executes as code, peppering the database with malicious instructions. Recovery can be painful, and there are numerous cases of Web site owners cleaning up their database only to be hit again a few hours later," Myroff says.
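The mechanism described above, as an added illustration that is not part of the Sophos report or this article: a page-renaming routine that pastes form input into its SQL text beside the same routine using a bound parameter, run against a constructed in-memory SQLite table, plus the kind of check a site owner would run to find records that now carry injected markup. The table layout, the `rename_page_*` functions and the input string are all constructed for this example.

```python
import sqlite3

def make_db():
    # Constructed in-memory stand-in for a Web site's content database.
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE pages (id INTEGER PRIMARY KEY, title TEXT, body TEXT)")
    con.execute("INSERT INTO pages (title, body) VALUES ('home', 'Welcome')")
    con.execute("INSERT INTO pages (title, body) VALUES ('about', 'About us')")
    con.commit()
    return con

def rename_page_unsafe(con, page_id, new_title):
    # Vulnerable: the form input is pasted into the SQL text, so a quote in
    # the input ends the string literal and the remainder runs as SQL.
    sql = f"UPDATE pages SET title = '{new_title}' WHERE id = {page_id}"
    con.execute(sql)
    con.commit()

def rename_page_safe(con, page_id, new_title):
    # Hardened: the driver sends the input as a bound value; it is stored
    # verbatim and can never become part of the statement.
    con.execute("UPDATE pages SET title = ? WHERE id = ?", (new_title, page_id))
    con.commit()

def rows(con):
    return [tuple(r) for r in con.execute("SELECT title, body FROM pages ORDER BY id")]

def pages_with_script_tags(con):
    # Clean-up check: ids of records whose stored body now carries a script tag.
    return [r[0] for r in con.execute(
        "SELECT id FROM pages WHERE lower(body) LIKE '%<script%' ORDER BY id")]

# Constructed input in the shape the report describes: the quote closes the
# title literal, and the rest appends a script tag to the page's stored body.
PAYLOAD = "x', body = body || '<script>/* injected */</script>"

if __name__ == "__main__":
    con = make_db()
    rename_page_unsafe(con, 1, PAYLOAD)
    print("unsafe:", rows(con), pages_with_script_tags(con))
    con = make_db()
    rename_page_safe(con, 1, PAYLOAD)
    print("safe:  ", rows(con), pages_with_script_tags(con))
```

In the hardened path the whole input lands in the title column as plain text; rendering it safely on the page is a separate output-encoding concern.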

Aside from SQL injection, the first half of 2008 has also revealed other trends in Web-based malware. Hackers use established Web sites like Blogspot and Geocities, which make it easy for people to create their own sites, to host their malware, because new pages are trivial to set up without requiring identification. In addition, some security products struggle to protect their users against malware on these sites for fear of blocking legitimate pages. In June 2008, Blogger (Blogspot.com) was responsible for hosting 2% of the world's Web-based malware, making it the primary host of malicious code worldwide.

Almost 60% of Web-based threats in January to June 2008 have affected Apache servers. This is a notable increase from the level seen during 2007, when Apache Web servers accounted for less than 49% of Web-based infections. A large number of Apache servers are hosted on Linux or some flavour of Unix, highlighting the fact that malware is not just a Microsoft problem.

"The first half of 2008 has seen very focused malware attacks, which are designed to infect specific individuals and corporations rather than the Internet community at large," Myroff adds. In April, there was a specifically targeted e-mail campaign sent to CEOs of various companies. The e-mails all related to federal subpoenas, pretended to be from the US Federal courts, and tried to frighten their hand-picked recipients into opening a dangerous attachment.

Nevertheless, with so many Windows home users seemingly incapable of properly defending themselves against the avalanche of malware and spyware being created for their platform, it seems sensible to suggest that some of them should consider switching to the Apple Mac platform. This suggestion is made not because Mac OS X is superior, but because there is simply significantly less malware currently being written for it. So cyber-criminals looking to maximise their return are likely to stick mostly to attacking Windows computers for the foreseeable future.

However, the likelihood is that there will continue to be malware written for Apple Macs, and Mac users should continue to follow safe computing best practices like running an anti-virus product and keeping up-to-date with security patches.

As more and more companies put defences in place at their e-mail gateway, and home users are protected by their ISP or Web e-mail account provider, criminals may have to become more inventive in how they deliver their messages and malware.

"While the current level of Facebook, Bebo and LinkedIn spam is still dwarfed by e-mail spam, there are likely to be more attempts to use Web 2.0 Web sites to spread malware and spam in the future," Myroff says.
