NOW READ THIS
("Security Advisory")



Submitted by: Bill Hickey
NCVA List Master

NRT-0226 Compromised Web Pages New Vehicle of Choice for Malware:


Growing evidence indicates that compromised web pages are replacing email as the vehicle of choice for mass malware distribution, according to an online IT journal article. Multiple layers of exploit code - from simple UU-encoding techniques to elaborate self-decoding JavaScript - have found a blind spot in safeguards such as traditional anti-virus and Intrusion Detection Systems (IDS), according to the article. On average, more than 5,000 new web sites hosting malware are discovered daily, with China leading the way as the top malware-hosting country in the world. Web-based malware is seeing explosive growth, up over 150% from that seen in 2006, while email-based malware has dropped to less than half of 2006 totals. In one case, a single malware-hosting web site reportedly contained a list of more than 600 other suspected malware sites.

The situation has led to a more modern approach to IT security known as "reputation-based defense systems", which develop reputation scores for specific IP addresses, networks, domains and other Internet entities, as well as message content and images. One such system, developed by TrustedSource, examines dozens of variables, including when the domain was registered; who owns the domain and what other domains are owned by that entity; where the URLs are accessed from and at what times; and how many IP addresses host a given domain.

A separate press article notes that McAfee and Google already use reputation-based defense systems, and that Symantec is looking into such an approach.

(www.securecomputing.net.au 27JUN07; news.yahoo.com 22JUN07)



Last Modified: Sunday, 22-Jul-2007 08:30:16 EDT