Online malware makes the most of user behaviour

The Internet now represents the easiest way for cybercriminals to gain entry to corporate networks, as more users access unregulated sites, download applications and stream audio/video.

Sophos predicts that 2007 is likely to see a significant shift away from the use of e-mail threats, with cyber criminals instead looking to exploit the continued global growth in Web use, as well as user-defined Web content.

THE THREAT FROM THE WEB

The Web is now perceived by administrators as the biggest threat to security and productivity. Not only do some Web sites contain visibly undesirable content - many also harbour spyware and adware. There has been an explosive growth in Web-based downloaders that deliver spyware.

According to one survey, workers spend around 20% of their Internet time on personal business or entertainment, increasing their risk of inadvertently downloading malware - particularly spyware and Trojan downloaders. Unmanaged Web browsing and personal Web transactions in the workplace play into the hands of spammers and malware writers, exposing company e-mail addresses to spam, harvesting and phishing.

Analysis by SophosLabs in 2006 found that over 75% of all phishing e-mails targeted users of PayPal or eBay. Organisations need an effective Web security solution that does more than just protect against all forms of malware - it must also eliminate potentially unwanted applications (PUAs) and automatically prevent unauthorised Web browsing by controlling access to known bad sites.

Such a solution needs to be backed by continuous analysis of Web traffic around the world that evaluates the category, code and conduct of Web pages.

E-mail will, however, continue to be an important vector for malware authors, though the increasing adoption of e-mail gateway security is making hackers turn to other routes for infection. The number of Web sites being infected with malware is on the rise. SophosLabs is currently uncovering an average of 5 000 new URLs hosting malicious code each day.

Many businesses aren't geared up to gain insight into users' online behaviour, let alone control it, and it's vital that they now begin to examine ways to incorporate Web security into their overall IT security strategy.

TROJANS TAKE OVER FROM SPYWARE

Last year, Sophos saw a decrease in the use of traditional spyware, in favour of multiple Trojan downloaders. The hacker sends a 'special offer' (or similar) e-mail in an attempt to dupe recipients into visiting a Web site containing a malicious downloader. The executable file will attempt to download additional Trojans, a process that may be repeated multiple times to try and disable all security defences, before it downloads a spyware component - which will then have a better chance of success.

Statistics reveal that in January 2006 spyware accounted for 50.43% of all infected e-mail, while 40.32% were e-mails linking to Web sites containing Trojan downloaders.

By December 2006 the figures had been reversed, with the latter now accounting for 51.24%, and spyware-infected e-mails reduced to 41.87%. This trend looks set to continue into 2007 and beyond.

MALWARE TYPES DIFFER BY LOCATION

Sophos says 30% of all malware is now written in China, most of it taking the form of Trojans used for gaining a backdoor into users' computers. Surprisingly, 17% of malware written in China is designed for the specific purpose of stealing passwords from online gamers. In contrast, malware authors based in Brazil are responsible for 14.2% of all malware, the majority of which is designed to steal information from online bankers.

Malware often exploits current country-specific online trends, and identifying its source helps security experts and authorities strengthen criminal profiles and bring the perpetrators to justice.

THE ONGOING MALWARE THREAT

Uncontrolled user behaviour is only one aspect of the threat landscape. The basic problem of rapid malware evolution has not gone away - it is getting faster and more complex, with more focused attacks. The need for multi-tier protection has never been greater, and organisations must safeguard the network from the gateway to the end-point, including all points of access.

To add to administrators' woes, emerging threats include scareware and mobile malware. Scareware is software designed to dupe Internet users into believing that their PC is infected or suffering from another security problem, and then encouraging them to purchase a "fully-working" version of the software that will disinfect their computer.

About the author: is the CEO of master Sophos distributor Netxactics
