Stat snapshot: How web threats spread
In 2011 we’ve seen some major changes in the way malware spreads on the web. While fake antivirus is on the decline (5.5% of detections in the past six months), drive-by downloads from exploit sites like Blackhole are on the rise. About 10% of detections are exploit sites, about two-thirds of which are Blackhole sites. In the second half of the year, 67% of detections were redirections on compromised legitimate sites. Of these, approximately half are believed to be redirections to Blackhole exploit sites.
Protection strategies for Blackhole
By tracking Blackhole detections with data from customers and partners, we have good visibility into where the exploit sites are hosted. We continually track, monitor and blacklist new sites. But because everything is continually moving—the code is polymorphic, and the exploit sites move to new URLs—it’s important to have layers of protection.
We not only detect the malware payload but also provide detection for Blackhole exploit sites at all possible levels:
- JavaScript used in the core exploit site page (Mal/ExpJS-N)
- Java exploit components (various detections)
- Flash exploit components (Troj/SWFExp-AI)
- PDF exploit components (Troj/PDFEX-ET)