Recent years have seen dramatic change in both malware (malicious software designed to infiltrate your IT system without your consent) and the internet more generally. Today's malware is no longer a digital prank – it's purely profit-motivated, and more decidedly criminal than ever. Likewise, the web is no longer a collection of static, individual sites – it's a dynamic, interconnected community, supported and enriched by third-party content and services.
In late 2007, automated tools were introduced to an already combustible mix. These allow for continued, repeat mass compromise of millions of Web pages, and they've revolutionized malware delivery (in much the same way that automation revolutionized the manufacturing industry in the late 1800s). All of this has created new risks for users, both in the severity of the threat and in its volume.
The result? In the first half of 2008, Web-based malware risk increased by 278%. Last month, the amount of Web-based malware blocked by ScanSafe was greater than the total for the whole of 2007. And 83% of it came from legitimate websites that had been compromised (SQL injection attacks were by far the most common compromise method, accounting for 75% of the total).
These developments make life a lot more difficult for IT security professionals, who must not only protect their corporate websites from compromise, but also ensure their users' systems are protected from external threats. What's more, the malware delivered by compromised websites usually consists of 'backdoors' and (highly customizable) password-stealing 'trojans' – both of which pose unique risks to your business.
Unlike network or Internet worms, Web-based malware can't be dealt with by applying a single software 'patch'. Today's malware is constantly updated to target new areas of vulnerability right across your system – which means that a near-continuous patch management process is absolutely critical. It also uses clever obfuscation techniques, which are constantly updated to avoid detection by standard methods – this gives the malware a high success rate even where aggressive update procedures are in place.
To make matters worse, there's been a dramatic leap in the sophistication of social engineering scams designed for malware delivery (where the lure persuades you to click through by pretending to come from one of your friends). The success of these scams has been such that in July 2008, 95% of ScanSafe customers attempted to click through to malicious content advertised this way.
All in all, today's conditions could not be more favorable for malware delivery. And it's turning conventional notions of safe surfing on their head: these days, the biggest malware threat comes from known, trusted, legitimate sites that have been compromised. And thanks to automated tools, it's no longer a matter of if you encounter a compromised site, but when.
Mary Landesman is Senior Security Researcher at ScanSafe, the world's largest provider of SaaS Web Security.