Filed under: Internet, Security, News
Web-based malware attacks growing at an astonishing rate
Dasient, the web security firm founded by ex-Google staffers that launched in June of this year, have published a blog post which shows just how dangerous a place the web is becoming.
If you do any computer service - either as a job or a favor to friends and family - you've no doubt seen the end result of these attacks. Fake antivirus applications continue to be the biggest source of business at my day job. That's all thanks to a web that has been slow to adapt to the presence of these threats.
According to the data Dasient has gathered to date, they estimate the number of compromised web sites to be about 640,000. Netcraft puts the total number of sites on the Internet at around 240 million - so compromised sites only amount to .26% of the whole. Still, those 640,000 sites are serving as many many as 5.8 million infected pages says Dasient, up sharply from the 3 million pages earlier this year reported by Microsoft.
If you do any computer service - either as a job or a favor to friends and family - you've no doubt seen the end result of these attacks. Fake antivirus applications continue to be the biggest source of business at my day job. That's all thanks to a web that has been slow to adapt to the presence of these threats.
According to the data Dasient has gathered to date, they estimate the number of compromised web sites to be about 640,000. Netcraft puts the total number of sites on the Internet at around 240 million - so compromised sites only amount to .26% of the whole. Still, those 640,000 sites are serving as many many as 5.8 million infected pages says Dasient, up sharply from the 3 million pages earlier this year reported by Microsoft.
Do different methods account for the big change? Not so much, says Dasient. The rapid rate of growth in threats is borne out by the parallel growth of blacklists maintained by companies like Google.
Dasient notes four common weaknesses that are being exploited: compromised FTP credentials, server-side vulnerabilities, unpatched or unknown web application vulnerabilities, and ad networks (even unknowingly) serving malicious ads.
The best "poisoned" advertising example to date would have to be the New York Times website, which was unwittingly serving malicious links just a few weeks ago. The incident underscored just how big a problem this has become. You no longer have to be looking for cracked or pirated software, illegal music, or pornographic pictures and videos to be at risk. Mainstream sites are being targeted, putting even more users at risk.
It's more important than ever to make sure you protect yourself. If you're using Windows, arm yourself with a good antivirus and security tools. Linux and Mac users - yes, you're safe for now from most of these threats but certain attacks - like phishing - can effect you, too. Keep your web browser, plugins, and OS fully updated, and make sure you know what you're clicking before you click it.
For users on any operating system the free WebOfTrust add-on for Firefox, IE, and Google Chrome (read more about the WOT add-on) can help defend you against malicious links and site. It's well worth installing, especially on a Web that is under siege by malware.
I don't know if this is a labor of love or merely the brainchild of four very gifted games designers, but Level Up is a really weird mash-up of gaming elements that you have probably never seen in a Flash game before.
Let's start with the premise itself: Groundhog Day meets Memento. The game experience revolves around 'days': you explore the world and the clock slowly ticks towards the evening. You bounce around picking up gems and talking to the denizens of 'Level Upland'. Eventually you feel tired and head back to ...
Reader Comments (Page 1 of 1)
Sir Loin said 12:27PM on 10-28-2009
Thank you for this, passed it along to the powers that be at my work. Too bad we can't publicly flog the malware creators if they get caught.
Reply
Doron Ben Chaim said 2:35PM on 10-28-2009
And to think that Adblock+ and some common sense could fix all this. There is so much knowledge online, yet people are so dumb.
Reply
AltairAntares said 2:35PM on 10-28-2009
This is my VMs are the future- get something infected? No problem, just restore back a day or so. No need to endanger the actual computer.
Reply
michas_pi said 2:26AM on 10-29-2009
"Affect", not "effect".
Reply