Welcome to the Proxy Update, your source of news and information on Proxies and their role in network security.

Wednesday, February 17, 2010

Study finds that malware infections growing

From: http://www.mysanantonio.com/business/84358082.html

A recent report by a security startup company suggests that the number of Web pages infected with malware almost doubled in the last quarter, compared with a year ago.

More than 560,000 Web sites and their approximately 5.5 million pages were infected with malware in 2009's fourth quarter, according to Dasient, based in Palo Alto, Calif.

In those three months, sites for Fox Sports, technology blog Gizmodo and the Gerald R. Ford International Airport in Grand Rapids, Mich., were exploited to deliver malware to unsuspecting visitors.

In contrast, a Microsoft security report identified about 3 million infected pages during the last quarter of 2008.

The findings suggest that Web-based infections have proven an effective form of malware distribution for criminals, Dasient co-founder Neil Daswani said.

“Web-based malware is working for attackers, and (they) have doubled their investment in these infection techniques,” he said.

During the third quarter of 2009, Dasient found that more than 640,000 Web sites — comprising 5.8 million pages — were infected.

While the number of infections decreased from one quarter to the next, the figure has remained considerably high.

Also, the likelihood of catching a bug from a larger, infected Web site grew. During that same period, hackers went from infecting a fifth to a fourth of all content in Web sites with 10 pages or more.

“The implication for a Web site is, the more URLs get infected, the more difficult it is to identify where the infection occurred,” said Ameet Ranadive, another Dasient co-founder.

And even after the malware was removed, four out of every 10 Web sites were reinfected in the fourth quarter.

Not surprisingly, the number of sites that became infected rose right before and during Thanksgiving and Christmas, the busiest time for online shopping.

Dasient researchers said they believe they are witnessing an important shift in the way malware is distributed.

Typically, malware piggybacks on e-mail attachments or is distributed via online ruses such as fake anti-virus products that prompt potential victims to download malicious software into their computers.

But this more recent brand of infection, known as a drive-by download, can turn even legitimate, trusted Web sites into potential infectors.

In these attacks, malware begins downloading into victims' computers the minute they visit an infected Web site.

Hackers can compromise Web sites through several techniques, such as exploiting vulnerabilities in Web applications, stealing the site's administrative credentials or infiltrating the site's ad network.

“I used to say that drive-by downloads were an emerging threat, but that's no longer true,” said Adam Barth, a post-doctoral fellow at the University of California, Berkeley who has researched browser security.

Some researchers point to recently reported attempts to compromise the Gmail accounts of Chinese human rights activists as an example of this type of attack.

They believe criminals targeted Google staffers, lured them to specific infected Web sites and exploited previously undiscovered vulnerabilities in Internet Explorer 6 to launch drive-by download attacks and compromise their systems.

In September, the New York Times' Web site also fell prey to this criminal tactic when hackers infiltrated the company's advertising network and managed to post an ad with malicious content.
