35 percent increase of web-based malware

May 13, 2008 10:32 GMT  ·  By

Today's hackers use extremely advanced techniques, which makes it quite difficult to block their attacks and prevent similar actions in the future. But what's worse is that more and more attacks are now relying on web-based malware which obviously affect thousands of pages and their visitors. According to a report published by ScanSafe, April came with a 35 percent increase in web-based malware, mostly due to two major attacks that took place that month.

"What we saw in April was a one-two punch," says Mary Landesman, senior security researcher, ScanSafe. "In addition to the much publicized SQL injection attack, Web surfers were impacted by the mushrooming of an attack on mid-tier websites. While individually these mid-tier sites may not pack in the visitors, collectively they make up what's often referred to as the Long Tail of the Web. Ongoing investigation by our Security Threat Alert Team indicates this is a large scale attack that is growing exponentially and is not being detected by the majority of Web crawlers."

As mentioned, hackers' techniques evolved a lot and, even if they once used to create special malicious websites and lure people on them, they've found a new way to compromise vulnerable computers: they inject code samples into legitimate websites. Imagine that hacking a trusted website could have a bigger impact than creating anonymous pages with the same purpose.

According to the same ScanSafe report, a newly-released technology developed by Yahoo and McAfee failed to flag and block most of the malicious websites found on the web, which underlines, once again, the risks caused by a web-based malware.

"The hackers behind this attack have been employing techniques to elude detection and as a result, the only way to block the malware is if the affected Web page is scanned in real-time, which is what ScanSafe does," the ScanSafe official added.