Cisco: E-Commerce Sites More Likely to Deliver Malware Than Malicious Ones
Booby-trapped legitimate sites are far better at distributing malware than malicious ones, according to new research from Cisco Systems.The most effective traps being set for Internet users are not on malicious sites, but the sites users would least expect—and the ones they trust the most. In Cisco Systems' 2013 annual security report, researchers found that online shopping sites are 21 times as likely—and search engines 27 times as likely—to deliver malicious content as counterfeit software sites. Along the same lines, online advertisements are 182 times as likely to deliver malicious content as pornography sites. "Attackers have no need to attract users to malicious sites," said Mary Landesman, senior security researcher at Cisco. "The Web is a very powerful distribution tool for malware and our analysis shows that the majority of this malware is being distributed through known, reputable, legitimate Websites. That malware may be delivered by compromising the legitimate site, or via third-party advertising or other content providers to the legitimate site." In such cases, the malware itself is downloaded silently via drive-by download attacks, meaning the user "has done nothing wrong," Landesman said. Though Cisco does not track the overall number of legitimate sites that get compromised, 83 percent of Web malware encounters it detected were with malicious scripts and iFrames, something that is typically indicative of encounters with such sites.
According to the report, malware writers are targeting the usual suspects with their exploits. The vast majority of Web exploits—87 percent—targeted Java. PDF and Adobe Flash Player exploits were the next most common types of Web exploits.