14 DAY TRIAL // According to a report recently released by ScanSafe, company that specializes in providing Software-as-a-Service (SaaS), malware related threats have increased by a staggering 278% in the first half of 2008. In June, 66% of all malware blocked by ScanSafe was related to legitimate web pages that had become compromised. It seems that lax security measures left these sites vulnerable to attacks, such as SQL injection, which became highly popular amongst hackers in June.
Mary Landesman, senior security researcher with ScanSafe, explains: "The mass compromise of websites poses particular challenge to corporate users. The impacted websites are typically known, legitimate, and trusted sites with a business purpose. These are sites that users visit frequently and the attacks are so stealthy and unobtrusive, that most visitors don't know that they've been infected."
Even if the security software does detect a threat and informs the user about it, the warning is simply disregarded, because the site is believed to be completely trustworthy. The user assumes the warning message is the result of a false positive and it seems that this sort of behavior is a result of historical conditioning, says the ScanSafe report.
In the past, successful attacks on legitimate web pages led to the defacement of said web page; the hacker would intensely advertise the fact that the site had been compromised. Nowadays hackers keep quiet about their exploits and go to great lengths to ensure their malware stays under the radar.
"This lack of awareness provides opportunity for attackers, an opportunity that will likely persist throughout the majority of 2008. Further, the increase in password stealers and backdoors provide opportunity for additional attacks on even more Websites, thus exponentially increasing the number of impacted sites," says the ScanSafe report for the month of June.
Eldar Tuvey from ScanSafe has recently discovered that this is exactly what happened to the Nigella Lawson web page.