Security:hyper endemic Epidemic:

Malware on legit sites poses most risk to users
Published: 2008-06-09

The greatest risk of exposure to malicious code on the Web comes, not from fraudulent sites, but legitimate Web pages that have been compromised to include malicious programs, according to a study published last week by Web security firm ScanSafe.


The study, which compared more than 10 billion Web requests from May 2007 and May 2008, found that two-thirds of malicious software, or malware, comes from legitimate sites. While the company saw a 220 percent increase in Web-based malware in a year, software attacks launched from legitimate sites raced ahead, increasing more than 400 percent.

"The compromise techniques being used now allow hackers to quickly 'colonize' thousands of legitimate sites, from big brand name sites like Wal-Mart, to smaller but equally legitimate sites," Mary Landesman, senior security researcher at ScanSafe, said in a statement.

The study is the latest report to find that hackers have moved toward using legitimate sites as a point from which to infect unsuspecting Web visitors. A number of attacks on vulnerabilities Web-site databases and administration tools has allowed attackers to litter legitimate sites with malicious code. In January, Web security firm Websense announced that, for the first time, compromised legitimate sites accounted for 51 percent of all online points of infection.

Browser makers have responded to the danger by incorporating anti-malware features into their software.

The ScanSafe study also found that backdoor and password-stealing software had jumped more than 850 percent in the last year.

If you have tips or insights on this topic, please contact SecurityFocus.

http://www.securityfocus.com/brief/751?ref=rss

http://snipurl.com/2es56

XXXXXXXXXXXXXXXXXXXX

My response:

Your article:
"Malware on legit sites poses most risk to users"

HI I'm an anthropologist and run an anti-terrorist blog and 100 cyber troopers.

In my research I have been calling this hyper endemic Epidemic:


I have been warning about this Security Epidemic.
There is only ONE security Vendor/program addressing it.
Private Sector Foot-Dragging has allowed millions and millions of infections.

SLQ injection epidemic, coupled with Exploiting Flash Zero Day Vulnerability and fast flus hosting.
SLQ gives hackers access to your PC on infected "trusted" sites, trusted sites have lowered security
levels. This is the most advanced successful sophisticated massive attack I have ever seen.

This is a new NEW VECTOR EXPLOIT.( bots for everyone? )
coming from a trusted site, " it " can walk thru all current security programs and Vista isn't even a constraint, nor are MACs. Coming from a trusted site there are many vectors to infect your PC/MAC. I HAVE SEEN EVIDENCE OF ROOTKITS ALSO.

I hope my note results in a effective response by the private sector vendors.

Our tracking capabilities indicate the Military are at risk also.

http://warintel.blogspot.com/2008/06/we-told-you-so.html
Please see both warnings posted on my page #1 and 2.

Gerald
Internet Anthropologist
ad Magnum

xxxxxxxxxxxxxxxxxxxx

Our cyber recon teams have been protected since March.
HAUTE SECURE

G

Related articles

• 'Legit' website compromises reach epidemic proportions [via Zemanta]
• Google fixes several site security issues [via Zemanta]
• Most Malware Is Launched From Legit Web Sites [via Zemanta]
• Most malware comes from legit sites, says researcher [via Zemanta]

Taliban BAIT

Estes Turbo Thruster,

Looks like a toy, it is, and could carry a lipstick vid cam, range 500 to 700 feet.
Would be great tool to draw fire, flying low over tree line, above hills, locate enemy.
$40 each.

Video soon.

Went to a party last week end on a farm.
Great time and there were a group of 20 + yr olds
that had a remote batt. powered Jet.
( 20 min.recharge time )
The Plane had large intake vents on both sides,
a large propeller in the middle of the plane, inside and smaller
exhaust vent, hense the ID of jet.
It flew for 10 or 15 min, at 40 to 75 feet,
they could fly higher but didn't.

They flew it out 500 to 700 feet away over tree lines
and over fence rows. ( It could fly further )

This wasn' the fly and crash toys of my
childhood but hand thrown
And they flew it for 25 or 30 huge ovals or fig.eights.
And were able tocontrol it to the extent they could fly
it 5 feet over my head, no crashes.

They had this plane for four days.
And trained themselves on it from written instructions.

Controls consisted of two buttons, right and left,
and power, more less, to control height.

It is a remarkable piece of aviation engineering at $40 sorry

They did hve some crashes in the begining and repaired it
with tape, it had been at one time in a dozen Styrofoam pieces
after a crash, and they just taped it back together and it flew.

This technology is off the shelf at Wal marts and cost $30

Now I know the military would be more comfortable
paying $10,000 each.

But the technology is there for every combat squad
In the world to have several drones with lipstick cameras
to hunt Taliban in wood rows.

Now it is susceptible to shotgun fire.

But at $30 a pop and being recyclable.
Thats a cheap price for tatget acquisition $30.
It flys low enough to know exactly where the fire
is coming from.
These are cheap enough to be used as bait, to draw fire
and find targets.

The Plane is about 24 inches wide and 24 inches long.

A company could have 16 of these flying perimeters and FOP.

Each squad could carry 3 or more and have eyes in it sky
anytime they want, any where for squad level force protection.

Gerald