Security: hyper endemic Epidemic:
Malware on legit sites poses most risk to users
The greatest risk of exposure to malicious code on the Web comes not from fraudulent sites but from legitimate Web pages that have been compromised to include malicious programs, according to a study published last week by Web security firm ScanSafe.
The study, which compared more than 10 billion Web requests from May 2007 and May 2008, found that two-thirds of malicious software, or malware, comes from legitimate sites. While the company saw a 220 percent increase in Web-based malware in a year, software attacks launched from legitimate sites raced ahead, increasing more than 400 percent.
"The compromise techniques being used now allow hackers to quickly 'colonize' thousands of legitimate sites, from big brand name sites like Wal-Mart, to smaller but equally legitimate sites," Mary Landesman, senior security researcher at ScanSafe, said in a statement.
The study is the latest report to find that hackers have moved toward using legitimate sites as a point from which to infect unsuspecting Web visitors. A number of attacks on vulnerabilities in Web-site databases and administration tools have allowed attackers to litter legitimate sites with malicious code. In January, Web security firm Websense announced that, for the first time, compromised legitimate sites accounted for 51 percent of all online points of infection.
Browser makers have responded to the danger by incorporating anti-malware features into their software.
The ScanSafe study also found that backdoor and password-stealing software had jumped more than 850 percent in the last year.
If you have tips or insights on this topic, please contact SecurityFocus.
"Malware on legit sites poses most risk to users"
Hi, I'm an anthropologist and run an anti-terrorist blog and 100 cyber troopers.
In my research I have been calling this hyper endemic Epidemic:
I have been warning about this Security Epidemic.
There is only ONE security Vendor/program addressing it.
Private Sector Foot-Dragging has allowed millions and millions of infections.
SQL injection epidemic, coupled with Exploiting Flash Zero Day Vulnerability and fast flux hosting.
SQL gives hackers access to your PC on infected "trusted" sites; trusted sites have lowered security levels. This is the most advanced successful sophisticated massive attack I have ever seen.
This is a new NEW VECTOR EXPLOIT (bots for everyone?).
Coming from a trusted site, "it" can walk thru all current security programs and Vista isn't even a constraint, nor are Macs. Coming from a trusted site there are many vectors to infect your PC/Mac. I HAVE SEEN EVIDENCE OF ROOTKITS ALSO.
I hope my note results in an effective response by the private sector vendors.
Our tracking capabilities indicate the Military are at risk also.
Please see both warnings posted on my page #1 and 2.
Our cyber recon teams have been protected since March.