
Sophos Security Threat Report: Mid-Year Update

By : Sophos
INFORMATION
Published : Jul 22, 2008
Length : 17
Type : White Paper
 
Overview :

Hackers attack businesses, blogs and Web 2.0 sites... The latest Security Threat Report from Sophos gives you a comprehensive insight into the very latest methods being used by cybercriminals to try to out-fox traditional security systems.

Download a copy and benefit from the expert analysis and opinion that will help you stay ahead of today’s increasingly covert threats.

Since the virus threat first appeared on the business radar in the mid-1980s, the nature of the menace has changed considerably.
Spreading slowly via floppy disks, and knowing nothing of network drives or email, let alone the internet, early viruses were written by mischief-makers, keen to gain notoriety and kudos for their creations, or to create mindless damage. The motivation has changed over recent years and malicious software (malware) is now largely in the hands of organized criminal gangs, who have no interest in creating headlines for themselves, but do want to steal identities, hijack computers and compromise them in order to send spam, and blackmail companies with distributed denial-of-service attacks.
Financially motivated criminals are creating and spreading new malicious code at an accelerated rate. According to independent testing organization av-test.org, there are now over 11 million unique malware samples in its collection. SophosLabs™ – a global network of researchers and analysts – receives approximately 20,000 new samples of suspect software every single day. Many of these samples are Trojan horses, designed to silently steal information from computer users or compromise their PCs and take control of them.
SophosLabs is also encountering some highly crafted viruses (as opposed to Trojans) that are reminiscent of the deliberately complicated malware of the early 1990s, such as complex polymorphic viruses which go to great lengths to try to avoid detection by anti-virus software.
This “conveyor belt” of computer crime has led to masses of new malware being pumped out onto the internet every day, in the hope that some of it might slip past innocent users’ anti-virus defenses, and make them the next victims. Once again, increased flexibility in working practices, new and more complex operational threat methods, and a raft of new scams have continued to place a heavy burden on businesses and the threat landscape remains challenging for the months ahead.
Our growing dependence on the web for making purchases and gathering information makes it an ideal hunting ground for cybercriminals chasing poorly protected users, and the web has become the primary vector by which hackers try to infect business computers with malware.
In 2007, SophosLabs discovered one new infected webpage every 14 seconds. In the first six months of 2008 that figure rose to one every five seconds, or an average of 16,173 malicious webpages every day – and 90 percent of these webpages are on legitimate sites which have been hacked. The following is just a tiny sample of the hundreds of thousands of affected websites around the world which have fallen victim to a malicious attack and demonstrates that it is not just small-scale sites that are affected:
- January 2008: Thousands of websites belonging to Fortune 500 companies, government agencies and schools were infected with malicious code.
- February 2008: UK broadcaster ITV was the victim of a poisoned web advert campaign, designed to deliver scareware to Windows and Mac users.
- March 2008: A Euro 2008 soccer ticket website was hacked by cybercriminals in order to infect unwary fans’ computers, and anti-virus firm Trend Micro found some of its webpages had been compromised.
- April 2008: Cambridge University Press’s website was compromised and visitors to its online dictionary were subject to attempts to run an unauthorized hacker script on their computers.
- June 2008: As the Wimbledon tennis tournament opened in the UK, the Association of Tennis Professionals (ATP) website was infected.
- July 2008: Sony’s US PlayStation website suffered an SQL injection assault which put visiting consumers at risk from a scareware attack.
One of the reasons the web is so popular with attackers is that innocent sites can be compromised and used to infect large numbers of victims. However, it is not just the unsuspecting visitor who is the victim – the owner of the website also suffers.
This is particularly apparent with one of the major headline grabbers of the first half of 2008 – SQL injection attacks which exploit security vulnerabilities and insert malicious code (in this case script tags) into the database running a website. The attack works when user input, for instance on a web form, is not correctly filtered or checked and unexpectedly executes as code, peppering the database with malicious instructions. Recovery can be painful, and there are numerous cases of website owners cleaning up their database only to be hit again a few hours later.
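The following is an added example, not taken from the Sophos report: it uses Python's built-in sqlite3 module to show the unfiltered form input described above beside a parameterized query, and why a cleaned database is hit again while the query stays unfixed. The `pages` table, the function names and the form input are hypothetical and constructed for illustration.

```python
import re
import sqlite3

SCRIPT = re.compile(r"<script\b[^>]*>.*?</script>", re.IGNORECASE | re.DOTALL)

# Constructed form input: it closes the string literal, appends a script tag
# to the body column, and comments out the WHERE clause that follows.
FORM_INPUT = "x', body = body || '<script src=//example.invalid/x.js></script>' --"

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE pages (id INTEGER PRIMARY KEY, title TEXT, body TEXT)")
    db.executemany("INSERT INTO pages (title, body) VALUES (?, ?)",
                   [("Home", "Welcome"), ("News", "Latest results")])
    return db

def rename_unsafe(db, page_id, title):
    # Vulnerable: the input becomes part of the SQL text and runs as code.
    db.execute("UPDATE pages SET title = '" + title + "' WHERE id = " + str(page_id))

def rename_safe(db, page_id, title):
    # Hardened: bound parameters are always treated as data.
    db.execute("UPDATE pages SET title = ? WHERE id = ?", (title, page_id))

def infected_ids(db):
    # Detection: ids of rows whose body contains a script block.
    rows = db.execute("SELECT id, body FROM pages ORDER BY id").fetchall()
    return [pid for pid, body in rows if SCRIPT.search(body)]

def clean(db):
    # Recovery: strip script blocks from every body.
    for pid, body in db.execute("SELECT id, body FROM pages").fetchall():
        db.execute("UPDATE pages SET body = ? WHERE id = ?", (SCRIPT.sub("", body), pid))

def run(rename):
    # Returns infected ids after the first request, after cleanup,
    # and after the same request arrives a second time.
    db = make_db()
    rename(db, 1, FORM_INPUT)
    first = infected_ids(db)
    clean(db)
    after_clean = infected_ids(db)
    rename(db, 1, FORM_INPUT)
    return first, after_clean, infected_ids(db)

if __name__ == "__main__":
    print("unsafe:", run(rename_unsafe))
    print("safe:  ", run(rename_safe))
```

With the concatenated query every row is tainted, cleaned, and tainted again; with bound parameters the same input is stored as an odd-looking title and no body changes.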