Traditionally, people think of malware as being distributed via e-mail attachments in spam, but new data suggests that cybercriminals are embedding URLs in emails to direct users to malware-hosting sites. Google cites evidence that shows Internet queries containing at least one malicious URL quadrupled in 2008.
Cybercriminals are becoming savvier. It used to be that only “questionable” websites hosted malware. Now, attackers are exploiting vulnerabilities on reputable websites and enlisting them to route users to remote malware-hosting sites. Sophos’ Security Threat Report states that there are 23,500 new infected web pages found every day. That equates to one infected website every 3.6 seconds – four times worse than statistics reported in 2007.
Among the risks to be aware of:
- SQL Injection Attacks are becoming more popular. With SQL Injection, attackers can compromise innocent, reputable sites by exploiting security vulnerabilities and inserting malicious code into databases running on a website. When subsequent users visit the infected site, malware is downloaded to their machine without their knowledge.
- Attackers are employing operational automation to deliver malware. Using automated systems, they are able to post malicious links into the comment sections of blogs and web forums. These links then route users to their malware-infected sites. In addition, they have automated the ability to search the web for vulnerable websites and inject malicious code into the servers using malware distribution tools.
- “Scareware” or rogueware generates big income for cybercriminals. By using virus alerts and pop-up messages to create the appearance of a compromised machine, the attackers scare users into purchasing fake anti-virus software, which in turn distributes malware rather than acting as legitimate anti-virus software. Security researchers estimate that some 15 new scareware sites are deployed by cybercriminals every day.
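
As an added example (not from the original post), here is a defender-side check for the SQL injection scenario in the list above: it scans the text columns of a site database for stored script or iframe references that point at hosts outside an allowlist. The SQLite schema, the allowlist and the sample rows are constructed assumptions.

```python
import re
import sqlite3
from urllib.parse import urlparse

# Assumption: hosts this site legitimately loads scripts and frames from.
ALLOWED_HOSTS = {"www.example.com", "cdn.example.com"}

# src attribute of a <script> or <iframe> tag, quoted or unquoted.
TAG_SRC = re.compile(
    r"<\s*(script|iframe)\b[^>]*?\bsrc\s*=\s*[\"']?([^\"'\s>]+)", re.IGNORECASE)


def find_injected_markup(conn, allowed_hosts=ALLOWED_HOSTS):
    """Return (table, column, rowid, tag, host) for each script/iframe
    reference stored in a text column whose host is not allowlisted."""
    findings = []
    # Table and column names come from the schema itself, not from user input.
    tables = [r[0] for r in conn.execute(
        "SELECT name FROM sqlite_master WHERE type = 'table'")]
    for table in tables:
        # table_info rows are (cid, name, declared_type, notnull, default, pk)
        info = conn.execute(f'PRAGMA table_info("{table}")').fetchall()
        text_cols = [c[1] for c in info
                     if "TEXT" in c[2].upper() or "CHAR" in c[2].upper()]
        for col in text_cols:
            rows = conn.execute(
                f'SELECT rowid, "{col}" FROM "{table}" WHERE "{col}" IS NOT NULL')
            for rowid, value in rows:
                for tag, src in TAG_SRC.findall(str(value)):
                    host = urlparse(src).hostname  # None for relative URLs
                    if host and host not in allowed_hosts:
                        findings.append((table, col, rowid, tag.lower(), host))
    return findings


def build_sample_db():
    """Constructed sample data: one clean row and two tampered rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, title TEXT, body TEXT)")
    conn.executemany("INSERT INTO products (title, body) VALUES (?, ?)", [
        ("Widget", '<p>Blue</p><script src="https://cdn.example.com/w.js"></script>'),
        ("Gadget<script src=http://bad.example.net/b.js></script>", "<p>Gadget</p>"),
        ("Gizmo", '<p>Gizmo</p><IFRAME SRC="//frames.example.org/x" width=0></IFRAME>'),
    ])
    return conn


if __name__ == "__main__":
    for finding in find_injected_markup(build_sample_db()):
        print(finding)
```

A finding means stored content references an unexpected host; the injection point that allowed the write still has to be found and fixed separately.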
In his book, “The Global Cybercrime Industry,” Nir Kshetri quotes a statistic from 2008 by Wolfe & Wade: “about 10 million computers worldwide are ‘hijacked’ every day and connected to botnets.” I tend to think that the number of stealthy botnets residing on our business machines is underestimated. Because crafty cyber attackers have made it so easy to become infected with a virus, companies must educate their employees to remain vigilant about software patches on laptop, mobile and desktop devices. In addition, IT departments need to ensure that the latest software updates are deployed on all layers of their perimeter, host, and network defenses.