NOW READ THIS
("Security Advisory")
Submitted by: Bill Hickey
NCVA List Master
NRT-0366 Most Malware Comes from Legit Sites:
A security researcher says the majority of web sites serving up attack code are
legitimate domains that have been hacked by criminals. It's the first time that
legitimate sites outnumber sites hackers purposefully set up to spread malware.
According to data compiled by Websense Inc., 51% of the sites it classified as
malicious in the second half of 2007 had been compromised and then seeded with attack
code that infected unpatched machines visiting the URLs. The remaining 49% were
"intentionally built for malicious intent," the Websense report said. Hacking
legitimate sites to make them sling malware gives attackers instant advantages.
The researcher said, "It's a great vector because they don't need to drive users
to the sites in many cases; they also get free hosting, of course, [it's] hard
to trace ownership. Additionally, if someone is allowing access based on reputation,
then they may go undetected." A significant number of the sites are compromised by
the multi-exploit tool kits made infamous by Mpack and Neosploit. Websense estimates
that 19%, or about one in five, of malicious sites were created or compromised
using such tool kits.
(ComputerWorld 23JAN08)