Filed under: Internet, Security, News
Web-based malware attacks growing at an astonishing rate
Dasient, the web security firm founded by ex-Google staffers that launched in June of this year, have published a blog post which shows just how dangerous a place the web is becoming.
If you do any computer service - either as a job or a favor to friends and family - you've no doubt seen the end result of these attacks. Fake antivirus applications continue to be the biggest source of business at my day job. That's all thanks to a web that has been slow to adapt to the presence of these threats.
According to the data Dasient has gathered to date, they estimate the number of compromised web sites to be about 640,000. Netcraft puts the total number of sites on the Internet at around 240 million - so compromised sites only amount to .26% of the whole. Still, those 640,000 sites are serving as many many as 5.8 million infected pages says Dasient, up sharply from the 3 million pages earlier this year reported by Microsoft.
If you do any computer service - either as a job or a favor to friends and family - you've no doubt seen the end result of these attacks. Fake antivirus applications continue to be the biggest source of business at my day job. That's all thanks to a web that has been slow to adapt to the presence of these threats.
According to the data Dasient has gathered to date, they estimate the number of compromised web sites to be about 640,000. Netcraft puts the total number of sites on the Internet at around 240 million - so compromised sites only amount to .26% of the whole. Still, those 640,000 sites are serving as many many as 5.8 million infected pages says Dasient, up sharply from the 3 million pages earlier this year reported by Microsoft.
Do different methods account for the big change? Not so much, says Dasient. The rapid rate of growth in threats is borne out by the parallel growth of blacklists maintained by companies like Google.
Dasient notes four common weaknesses that are being exploited: compromised FTP credentials, server-side vulnerabilities, unpatched or unknown web application vulnerabilities, and ad networks (even unknowingly) serving malicious ads.
The best "poisoned" advertising example to date would have to be the New York Times website, which was unwittingly serving malicious links just a few weeks ago. The incident underscored just how big a problem this has become. You no longer have to be looking for cracked or pirated software, illegal music, or pornographic pictures and videos to be at risk. Mainstream sites are being targeted, putting even more users at risk.
It's more important than ever to make sure you protect yourself. If you're using Windows, arm yourself with a good antivirus and security tools. Linux and Mac users - yes, you're safe for now from most of these threats but certain attacks - like phishing - can effect you, too. Keep your web browser, plugins, and OS fully updated, and make sure you know what you're clicking before you click it.
For users on any operating system the free WebOfTrust add-on for Firefox, IE, and Google Chrome (read more about the WOT add-on) can help defend you against malicious links and site. It's well worth installing, especially on a Web that is under siege by malware.
So, just how good at time waster games are you? Think you've got the stuff? Well, The World's Hardest Game 2.0 doesn't think you do.
Yes, amazingly, it's possible to have a sequel to a game called "The World's Hardest Game". It doesn't seem logically possible, since if the first one was actually the world's hardest, how could another one come along and share the moniker? It made me doubt the name in the first place. That is, until I tried the game.
The mechanics of the game are very simple. You are a small red square, ...
Reader Comments (Page 1 of 1)
Sir Loin said 12:27PM on 10-28-2009
Thank you for this, passed it along to the powers that be at my work. Too bad we can't publicly flog the malware creators if they get caught.
Reply
Doron Ben Chaim said 2:35PM on 10-28-2009
And to think that Adblock+ and some common sense could fix all this. There is so much knowledge online, yet people are so dumb.
Reply
AltairAntares said 2:35PM on 10-28-2009
This is my VMs are the future- get something infected? No problem, just restore back a day or so. No need to endanger the actual computer.
Reply
michas_pi said 2:26AM on 10-29-2009
"Affect", not "effect".
Reply