[ insider_reports_insider ]
Most Malware Hosted On Trusted Sites
SecurityProNews
Staff Writer
2009-05-12
 Insider Reports RSS Feed
As the folklore of the Web goes, one contracts a computer virus in places analogous to where one might contract certain types of real viruses: in "bad" neighborhoods one shouldn't be in the first place. But times are changing, and though New York City cleaned up Times Square, cybercrooks are setting up shop in some of the Web's busiest places.
 | | Most Malware Hosted On Trusted Sites |  |
Symantec's MessageLabs says the assumption most web-based malware originates from recently created, temporary, trashy adult sites is becoming an old-fashioned notion. Modern hackers are focusing on well-established, trusted websites they can compromise-sites users trust every day of the week.
According to data collected last week, 84.6 percent of website domains blocked by security programs for hosting malicious content were over a year old. Only 15.4 percent were less than a year old, 10.2 percent less than a month, and 3.1 percent less than a week.
"It is highly likely that older sites are legitimate sites, while those that are only a week old or less are likely to be temporary sites set up with the sole purpose of distributing malware," said MessageLabs senior analyst Paul Wood. "People need to be extra vigilant and understand that even sites they know and trust can be compromised through attacks such as SQL injection attacks."
Or cross-site scripting (XSS) for that matter. The most recent and frightening examples come from Google and even security company McAfee.
A security researcher known by the online handle of "Inferno" discovered an XSS vulnerability in mid-April affecting a range of Google services like Gmail, Google Documents, iGoogle, and Analytics.
The flaw involved Google's Support Python Script enabling hackers to steal session cookies. Because Google.com uses a single sign-on cookie for all its personalized services, a hacker could have gained access to users' emails, contacts, documents, website code and analytics-anything Google users might have stored on Google servers.
While that's a terrifying for scenario for many, Inferno took the moral path and quietly reported the vulnerability to Google. To Google's credit, Google was on the job less than an hour after receiving the report, even late on Saturday night, and had all Google servers updated by last week, just two weeks later.
(Everything's relative; the sheer number of servers and programs affected made this a heckuva job. Two weeks can be considered quick, especially since Adobe is still recommending workarounds until they can patch up Reader and Acrobat.)
Around the same time, Google had to act fast to patch up two XSS vulnerabilities in its Chrome browser.
If the impenetrable Google isn't immune, then security companies certainly are, right? Not always so. McAfee Secure, a service for checking websites for vulnerabilities and PCI Data Security Standard compliance, was recently taken offline while the company patched up its own XSS vulnerability.
View All Articles by SecurityProNews
About the Author:
SecurityProNews is a daily online and email publication focusing on internet security issues.
More insider_reports_insider Articles
Insider Reports RSS Feed
|
|
iEntry 10th Anniversary
RSS
Archive
