Hackers Expanding Web 2.0 Assaults

By Matthew Hines  |  Posted 2008-07-24 Print this article Print

With Black Hat only a few weeks away and the security industry gearing up for its yearly feast of cutting-edge research and exploit demonstrations, one of the trends most highly touted at the show for the last several years continues to flourish--as hackers and malware distributors rush to launch more of their attacks via so-called Web 2.0 social networking sites.

In its first-half 2008 Security Threat Report, endpoint security specialist Sophos found that attackers continued to move aggressively into the use of social networks as distribution points for their infections over the first six months of the calendar year.

Of the 20,000 unique new malware samples unearthed by the company each day during the first half of 2008 (yes, you read that correctly, with a new sample showing up at an average of once every four seconds of the day), Sophos said that URLs hosted on the Blogspot blogger network, owned by Google, accounted for more of the new attacks than any other online entity.

While Blogspot blog pages only accounted for a mere two percent of all the attacks tracked by Sophos, the trend is worth noting as it continues to unfold, the report contends.

"Hackers both set up malicious blogs on the service, and inject dangerous Web links and content into innocent blogs in the form of comments," Sophos researchers noted in a report summary. "With the continuing popularity of Web 2.0 social networking sites, including Facebook and LinkedIn among business users, cybercriminals who have already gained access to user profiles may begin to use these as corporate directories, noting new employees and launching spear-phishing attacks specifically aimed at stealing information from new and unsuspecting [staff] members."

Along with Web 2.0 sites, thousands of URLs controlled by Fortune 500 companies, government agencies and schools are also being infected by attackers, Sophos researchers said. Among the big names cited by the company to that end were Sony, UK broadcast network ITV, and ticket sales sites related to the Euro 2008 soccer tournament.

Overall, organizations need to continue to scale up their user awareness programs and more actively track their Web sites for potential infections, the AV company advised.

"Businesses need to bite the bullet and take better care of securing their computers, networks and Web sites. They not only risking having their networks broken into, but are also putting their customers in peril by passing-on infections," Graham Cluley, senior technology consultant at Sophos, said in the report summary. "But office workers must realize it's not just the business fat cats who need to worry about this. Visiting an infected Web site from your work PC, or sharing too much personal or corporate information on sites like Facebook could lead to you being the criminal's route into your company."

In deference to the trend of infected sites, Sophos noted that the pace at which malware-spewing URLs are showing up roughly tripled during the first half of the year, compared with the same period in 2007. On average, the company reported that it detected 16,173 malicious Web pages every day--or one every five seconds--over the last six months.

More than 90 percent of the sites involved in the distribution of Trojans and spyware, two of the leading forms of online attack, were legitimate properties, most of which were hacked via SQL injection, Sophos said.

Matt Hines has been following the IT industry for over a decade as a reporter and blogger, and has been specifically focused on the security space since 2003, including a previous stint writing for eWeek and contributing to the Security Watch blog. Hines is currently employed as marketing communications manager at Core Security Technologies, a Boston-based maker of security testing software. The views expressed herein do not necessarily represent the views of Core Security, and neither the company, nor its products and services will be actively discussed in the blog. Please send news, research or tips to SecurityWatchBlog@gmail.com.

del.icio.us | digg.com

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel