Hackers attack businesses, blogs and Web 2.0 sites, reveals Sophos Security Threat Report

July 23, 2008 Sophos Press Release

IT security and control firm Sophos has published new research into the first six months of cybercrime in 2008. The Sophos Security Threat Report examines existing and emerging security trends and has identified that criminals are increasingly using creative new techniques in their attempt to make money out of internet users.

It is estimated that the total number of unique malware samples in existence now exceeds 11 million, with Sophos currently receiving approximately 20,000 new samples of suspicious software every single day - one every four seconds.

The firm's report reveals that most attacks are now designed to try and out-fox traditional security systems such as email-scanning.

Website infection rate three times faster than 2007

The first half of 2008 has seen an explosion in threats spread via the web, the preferred vector of attack for financially-motivated cybercriminals. On average, Sophos detects 16,173 malicious webpages every day - or one every five seconds. This is three times faster than the rate seen during 2007.

Over 90 per cent of the webpages that are spreading Trojan horses and spyware are legitimate websites (some belonging to household brands and Fortune 500 companies) that have been hacked through SQL injection.

web

The chart for top malware hosted on the web is dominated by infections related to SQL injection attacks.

SQL injection attacks exploit security vulnerabilities and insert malicious code into the database running a website. Companies whose websites have been struck by such an attack often clean-up their database, only to be infected again a few hours later. Users who visit the affected websites risk having their computer taken over by hackers, and their personal banking information stolen by identity thieves.

Sophos has identified that the number one host for malware on the web is Blogger (Blogspot.com), which allows computer users to make their own websites easily at no charge. Hackers both set up malicious blogs on the service, and inject dangerous web links and content into innocent blogs in the form of comments. Blogspot.com accounts for 2 percent of all of the world's malware hosted on the web.

Business websites attacked, office workers at risk, Web 2.0 introduces new threats

Thousand of webpages belonging to Fortune 500 companies, government agencies and schools have been infected, putting visiting surfers at risk of infection and identity theft. High profile entertainment websites such as those belonging to Sony PlayStation, Euro 2008 ticket sales companies, and UK broadcaster ITV are amongst the many to have suffered from the problem.

Sophos experts note that with the continuing popularity of Web 2.0 social networking sites, including Facebook and LinkedIn, among business users, cybercriminals who have already gained access to user profiles, may begin to use these as corporate directories, noting new employees and launching spear-phishing attacks specifically aimed at stealing information from new and unsuspecting members of staff.

To guard against this risk, all organizations should ensure employees are fully educated about the dangers of posting too much information on these sites, and of accepting unsolicited friend requests.

"Businesses need to bite the bullet and take better care of securing their computers, networks and websites. They not only risking having their networks broken into, but are also putting their customers in peril by passing on infections," said Graham Cluley, senior technology consultant at Sophos. "But office workers must realise it's not just the business fat cats who need to worry about this. Visiting an infected website from your work PC, or sharing too much personal or corporate information on sites like Facebook, could lead to you being the criminal's route into your company."

Nicole Kidman and Angelina Jolie endanger safety of computer users via email

Although most attacks are now taking place via infected websites, email continues to present a danger. It is common for cybercriminals to spam out links to compromised websites, often using a subject line and message to tempt computer users into clicking through the promise of a breaking news story or a lewd topic.

Attacks via email file attachments, however, have reduced in 2008. Only one in every 2,500 emails examined in the first six months of 2008 was found to contain a malicious attachment, compared to one in 332 in the same period of 2007.

Malware which disguises itself as naked photos of Angelina Jolie or Nicole Kidman dominates the chart of top malware spreading via email attachment.

The Pushdo Trojan dominated the chart of most widespread malware spreading via email, accounting for 31 percent of all reports. Pushdo has been spammed out during the year with a variety of disguises. Some for example, have claimed to contain nude photographs of Hollywood stars Nicole Kidman and Angelina Jolie.

Much more information about the latest trends in malware, spyware and spam can be found in the latest Sophos Security Threat Report.