Topic: Legit websites face malware hits

[Samker]

Legitimate websites are a growing frontier for malware attacks with over ten million pages affected every year.

Security start-up Dasient claimed the threat has risen as more people create their own websites and blogs without proper built-in security protocols.

Anyone opening an infected page could have the malware downloaded to their computer without even realising it.

"There's a real and present danger of the web being seriously compromised," said Dasient co-founder Neil Daswani.

"This emerging threat is becoming very real and is already affecting millions and millions of websites. 30,000 web pages are affected every day according to the likes of Microsoft and the security firm Sophos," said Mr Daswani who was a senior security engineer at Google.

"Attack waves"

Dasient said the growing problem is not just down to inexperienced web masters or those trying to save on security measures.

"Today's sophisticated web is much more complex than in the past with richer functionality, third party widgets, video, new sources of content from other places like mash-ups and user generated content.

"All these increase the attack surface and the vulnerability for attacks," said Dasient's Ameet Ranadive a former strategy consultant at McKinsey.

He also pointed to the fact that hackers are much more automated in their approach giving them the ability to cause more chaos and harm.

"In the past they might have targeted one particular website to launch an attack but now they are going after tens of thousands of websites in these aggressive attack waves," said Mr Ranadive.

Sounding a word of caution is StopBadware.com, which is made up of academic institutions, technology industry leaders and volunteers who are all committed to protecting the internet and computer users from the threats caused by bad software.

Google, PayPal, AOL and VeriSign are all members.

"There has been rapid growth in these type of attacks and web based distribution is one of the main ways malware is getting around today," agreed StopBadware.org manager Maxim Weinstein.

"The fact however that a given website contains malware does not necessarily mean every user to that site is going to get infected.

"That malware may require a user to click onto something or exploit a vulnerability on that persons web browser or target a particular operating system," he said.

Red screen

Dasient said that, as this problems escalates so does the harm to those trying to do business on the web.

Companies such as Google, Yahoo and Firefox track infected websites and blacklist them by restricting access. When a user clicks on a compromised page, an alert will pop up known as the "red screen of death" warning of the dangers of going to the site.

Mr Daswani said that in many cases companies running legitimate websites have no idea they have been hit by hackers.

"80% of websites hosting malicious software are legitimate and many only find out when a customer tries to log onto the site and can't.

"When a website is infected it can be hard to locate the exact whereabouts of the infection and clean it up. And even if they remove some of the malicious code, the bad guys can re-infect them a couple of days later."

Dasient, which has developed a web-based anti-malware service that prevents blacklisting, said its clients have in the past paid dearly.

"We have customers telling us they have lost thousands of dollars by being blacklisted and others saying traffic to their site dropped 95%-98% while on the blacklist," said Mr Ranadive.

The web's reputation is in danger thinks Mr Weinstein.

"At the extreme, the doomsday scenario is very much a case of people losing trust in the web as a secure platform for business and financial transactions," he said.

"If it's to the point of malware spreading too rampantly, even sources of information will be affected. That's an extreme view and I think a lot is being done to ensure that doesn't happen and to ensure we protect the web and its openness and ability to let people experiment and do new things."

Mr Weinstein suggested a more co-ordinated industry approach was needed to crack the problem.

"One of the real keys to solving this is that the good guys need to co-operate and share information, share data and communicate with one another more rapidly because we know the bad guys are doing those things.

"We need to make sure we are doing it as well and better than the bad guys," he said.

(BBC)

[georgecloner]

"All these increase the attack surface and the vulnerability for attacks," said Dasient's Ameet Ranadive a former strategy consultant at McKinsey.

He also pointed to the fact that hackers are much more automated in their approach giving them the ability to cause more chaos and harm.

"In the past they might have targeted one particular website to launch an attack but now they are going after tens of thousands of websites in these aggressive attack waves," said Mr Ranadive.

Well Said!  

This is the reason we need lots of information about attacks and security.  

"One of the real keys to solving this is that the good guys need to co-operate and share information, share data and communicate with one another more rapidly because we know the bad guys are doing those things.

Here's also an attack site:


Browsing a legit site using Mozilla Firefox

Thanks to Firefox, the browser blocked the site and discontinued opening the page.  


Browsing the same legit site using Internet Explorer

I have successfully opened the same website using IE, but there was a trojan virus residing in the site as it was detected by McAfee as "JS/Exploit-shell.gen" upon script execution by IE.

The exploit is directed to an unknown site: sojjokas.cn/forum/index.php (*SCF recommendation - don't visit this link!!!)