by Michael Smith (Veshengro)
More than two thirds of web-based malware is now found on legitimate web sites, according to a report by security supplier Scansafe. This represents an increase of 407% compared with May of last year, that is to say May 2007.
According to a senior security researcher at Scansafe, hackers have moved away from direct attacks like social engineering to focus on indirect attacks that use trusted brand names.
Just because you are accessing a well-known site, you cannot and should not assume that the site is safe. At present, thousands of legitimate web sites are being compromised on a daily basis.
According to the report, there has also been a 220% increase in the different kinds of web-based malware in the past year.
According to Scansafe, authentication-bypass and password-stealing malware has grown the fastest, with an 855% increase, which puts sensitive corporate data at serious risk.
Since October last year there have been hundreds of thousands of mainly China-based attacks, in which hackers passed malicious code to visitors on completely legitimate websites.
The computers of visitors to those sites are infected when they are redirected to malicious servers using a code injection method based on the database query language SQL.
A number of legitimate websites have thus been attacked in the USA and the United Kingdom, amongst them Wal-Mart's website in the USA, as well as the websites of the Royal Statistical Society, National Media Museum, Skills for Care, and a number of businesses in the UK.
Unlike in the past, so it would appear, a much larger number of malicious networks and servers were used in those recent attacks. Whether this means that the attacker or attackers have changed tactics, or whether we are seeing a copycat, is still not clear at this moment, it would seem.
The one thing this might point to, though, is a government-sponsored attack. Rumor has it, though that is rumor from serious professionals, that many of the attacks from China are in fact coming from the security services and military in that country. Maybe we are seeing an attempt to find weaknesses in the systems in order to attack much more sensitive places next.
© M Smith (Veshengro), June 2008