Malware threats double from a year ago

By Justin Mann on April 25, 2007, 2:56 PM
Despite the launch of IE7 and Vista, and despite increased awareness of security threats, malware is still a growing threat. It is growing so fast, in fact, that it seems we have more than twice as many new threats coming out than we did compared to a year ago. On the same token, the number of infected e-mails has actually dropped. Much like Trend Micro is warning about, many of the new threats are web-based ones. In fact, Sophos is identifying an average of 5,000 new infected pages every day. A lot of these, it seems, are due to administrators not properly maintaining their servers:

"What's most worrying is that so many Web sites are falling victim because the owners are failing to properly maintain them and keep up to date with their patches," said Carole Theriault, a senior security consultant at Sophos, in a written statement. "The average Internet user assumes sites like the Miami Dolphins homepage are safe to access, but by targeting a whole range of Internet pages, hackers are successfully infecting a larger number of unwary surfers. Any ill-maintained Web site can fall victim."
Of course, an infected website only helps to amplify the problem lots of visits, lots of potential infections. The more infections, the faster it can spread. Still, the numbers were surprising 23,864 new threats in the first quarter of this year alone.

User Comments: 2

Got something to say? Post a comment
Jibberish18 said:
You know, one of the things that really chaps my ass is people not keeping up with security. It's one thing for your average home user too not think about security too much but when Small Business Owners and even Large Corporations, don't keep up with their own security, it really makes you think twice about your vulnerability on the internet.I work at a company that depends on the internet for the use of their web-based software and it's sad to see that they're still using outdated encryption methods to secure and protect thousands of people's very private and critical information.
phantasm66 said:
Web Applications are the new attack vector for hackers. Its taken Microsoft 10 years to get their act together - how long do you think it will take all the Web Masters of the Internet to lock down their Web applications - 50 years?Cross Site scripting (XSS) attacks are the new buffer overflows. By malforming URLs, injecting SQL and so forth, its possible to do all kinds of nasty things. When the Internet was originally conceived, no one ever thought that all this dynamic content, Web 2.0 stuff would ever happen - they just expected static content, text, pictures and links. Now we have Web Applications all over the place that are loaded up with vulnerabilities - even the sites of most major banks have these kinds of flaws. Its scarey.Also, malware is big business now. It used to be something that people did for a laugh - or for bragging rites. Now, its something that can make you money. Someone in command of a big botnet fleet (which XSS can help you assemble) can make a fortune doing spam, DDoS, etc. There so much more insentive now for people to work on hacks as a job as opposed to just some fun / vandalism.My advice? Learn to secure your Web Applications, or you might wind up on the wrong end of a law suit or something.
Load all comments...

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.