According to the latest quarterly malware report from Dasient, the number of infected Websites has doubled to 1.2 million.
More than 1.2 million Websites were infected by malware in the third quarter
of 2010, according to security firm Dasient. This includes legitimate sites
belonging to government agencies and malvertisements, or malicious
advertisements.
In the third quarter of 2009, there were 560,000 Websites infected. While
Dasient's researchers had expected the number to increase, the fact that it
doubled was a surprise, said Dasient CTO Neil Daswani.
Instead of just growing in volume, malware has also changed in the way it
spreads, said Daswani. While spam and e-mail attachments are still popular,
"drive-by-download" techniques, where the user is infected without clicking on
a link or opening an attachment, are becoming more common, he said.
The popularity of Web-based e-mail services, such as Hotmail, Yahoo Mail and
Gmail, means that most attachments are being scanned automatically by antivirus
software. As a result, cyber-criminals are taking advantage of interactive Web
2.0 trends to implement drive-by-downloads instead of relying on attachments,
according to Dasient.
Drive-by-downloads were originally occurring on malicious Websites the users
landed on after clicking on a link in a spam e-mail, comment or link on a
social networking site. However, legitimate Web sites are increasingly becoming
part of the problem as hackers repeatedly compromise the site and download
malware on visitors' computers.
According to Dasient's data, drive-by-downloads and fake antivirus scams are
the most prolific methods for distributing malware.
Along with large and well-known sites such as Google, government agencies
are increasingly being targeted, and reinfection rates remain high, said
Daswani. From 2008 to 2009, hackers generally targeted smaller and lesser-known
government agency Websites, but in 2009 to 2010, the sites of larger and better-known
agencies such as the Environmental Protection Agency, unemployment.gov,
and National Institutes of Health, were targeted, according to Dasient's
report. The Website of Alabama has been infected and reinfected 37 times since
2008, while the National Institutes of Health's Website has been reinfected
five times.
According to Daswani, the probability of a site becoming reinfected is high,
about 40 percent.
More than 1.5 million malvertisements (ads and widgets whose sole purpose is to
spread malware) were served online per day, according to Dasient's data. This
number includes both drive-by-downloads and fake antivirus, said Daswani. These
campaigns are also fairly long-lived in Internet time, lasting an average of
11.1 days, according to the report.
Three of the top 10 domains responsible for drive-by-downloads have the word
"ads" in the name, according to the Dasient survey. The domains were
myads.name, freead.name, and adsnet.biz. Attackers are beginning to focus on
malvertising as opposed to traditional Web-based attacks, said Daswani.
Looking at countries from which most attacks originated, Dasient noticed
that Russia-based domains had jumped during the quarter. Despite the frequency
with which China is mentioned in the news, attacks from Chinese domains had
dropped, the company found.
Malware authors are aware of how the good guys work. There are increasing
numbers of malware kits that check whether or not the site is being used in a virtual environment, such as VMware or Parallels, according to the report.
As for zero-day exploits, authors "run through 40 or more antivirus
software [programs] to make sure the viruses they are developing don't get
detected before releasing it," said Daswani.
Dasient's Daswani predicted that as social media proliferates in 2011,
cyber-criminals will be even more aggressive in using drive-by-downloads and
rogue antivirus scams to target users.