Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Internet attacks focus on websites and e-mail links

Gerald Wee | March 31, 2009
Infected websites increase three-fold while email-borne malicious links reaches nine month high.

SINGAPORE, 31 MARCH 2009 - According the latest reports by security intelligence company MessageLabs, the number of malicious websites blocked for hosting malware tripled in March, with almost 3,000 potentially harmful websites being intercepted daily. In addition, the percentage of e-mail-borne malware containing links to malicious sites reached its highest level since June 2008, rising 16.5 per cent to 20.3 per cent.

Having focused on e-mail tactics for the latter half of 2008 and early 2009, the cyber criminals are now varying their strategies, and turning their attention towards Web-related tactics, so as not to become too predictable, said Paul Wood, MessageLabs Intelligence senior analyst, Symantec. Their goals of financial gain and espionage remain the same, however.

The findings, found in the March 2009 MessageLabs Intelligence Report, saw a steep risealmost 200 per centin malicious websites revolved around the resurgence in using images containing injected scripts, such as JavaScript or VBScript. The report noted that this appeared to be attempts to exploit a flaw in older browsers that appends the injected script to the end of the images binary code, which can achieve monetary rewards through simulated online advertising.

Many of the websites used to host these images included free image hosting websites, potentially extending to some popular social networking and multimedia file-sharing sites that allow users to upload and share pictures. Malicious links sent through e-mail and hosted on infected or compromised websites represent a growing area of risk for businesses as many attacks are designed to steal personal data and confidential information simply when users visit an infected site.

Financial crunch

Throughout the first quarter of 2009, spammers have continued to rely on the economic recession to target their spam campaigns at consumers who are finding it more difficult to secure credit and are thus more vulnerable during uncertain times.

MessageLabs Intelligence noted an increase in genuine e-mails being sent by cash-strapped individuals who have turned to e-mail as a means of seeking charitable assistance from some businesses. These messages are small in volume by comparison with the wider volume of spam and phishing e-mails, but seemingly equally liable to provoke an inflamed response from many recipients who believe they are fakes or scams.

The economy and other seasonal happenings, such as St. Patricks Day and the US March Madness basketball tournament, remain predictable avenues for spammers, phishers and fraudsters to explore, said Wood. Its not likely these spamming tactics will go away, but in the coming months we may see more non-traditional spamming techniques, like those from cash-strapped individuals seeking charity, begin to take hold.

More security highlights

Web security: Analysis of Web security activity shows that 61.6 per cent of all Web-based malware intercepted was new in March. MessageLabs Intelligence identified an average of 2,797 new websites per day harbouring malware and other potentially unwanted programs such as spyware and adware, an increase of 197.2 per cent since February.


1  2  Next Page 

Sign up for Computerworld eNewsletters.