BOSTON--()--Sophos, the largest privately held vendor in the secure content and threat management market today published new research into the first six months of cybercrime in 2008. The Sophos Security Threat Report examines existing and emerging security trends and has identified that criminals are increasingly using creative, new techniques in their attempt to make money out of internet users.
“Businesses and home users need to bite the bullet and take better care of their computers, networks and websites – regardless of whether they are running Windows or not – or risk losing everything in a hack attack.”
It is estimated that the total amount of malware in existence now exceeds 11 million, with Sophos currently receiving approximately 20,000 new samples of suspicious software each day – one every four seconds. The firm’s report – available from http://www.sophos.com/securityreportjul2008 – reveals that most attacks are now designed to try and out-fox traditional security systems such as email scanning.
WEB SITE INFECTION RATE THREE TIMES FASTER THAN 2007
The first half of 2008 has seen an explosion in threats spread via the web, the preferred vector of attack for financially motivated cybercriminals. On average, Sophos detects 16,173 malicious webpages every day – or one every five seconds. This is three times faster than the rate seen during 2007.
Over 90 percent of the webpages that are spreading Trojan horses and spyware are legitimate websites (some belonging to household brands and Fortune 500 companies) that have been hacked through SQL injection.
SQL injection attacks exploit security vulnerabilities and insert malicious code into the database running a website. Companies whose websites have been struck by such an attack often clean up their database, only to be infected again a few hours later. Users who visit the affected websites risk having their computer taken over by hackers, and their personal information stolen by identity thieves.
Sophos has identified that the number one host for malware on the web is Blogger (Blogspot.com), the blog publishing system owned by Google, which allows computer users to make their own websites easily at no charge. Hackers both set up malicious blogs on the service, and inject dangerous web links and content into innocent blogs in the form of comments. Blogspot.com accounts for two percent of all of the world’s malware hosted on the web.
MALICIOUS HACKERS TRY NEW TECHNIQUES TO SPREAD VIRUSES AND SPAM
Sophos’s Security Threat Report details attempts by hackers and spammers to take advantage of Web 2.0 websites such as Facebook and LinkedIn, attacks against non-Windows devices such as Apple Macs and Linux, and the likelihood of emerging threats which target Apple iPhone users.
“The biggest malware problem is undoubtedly on Windows, but that doesn’t mean Mac and Linux users should be complacent. Threats for other platforms are encountered, and there is a risk that users of these operating systems may be suffering from the incorrect belief that they are somehow immune from internet attacks,” said Graham Cluley, senior technology consultant at Sophos. “The use of systems like Facebook, Bebo and LinkedIn proves that cybercriminals are looking for new ways to spread their malicious code and unwanted adverts.”
According to Sophos’s report, one other growing method for spammers is to spread their messages via mobile phones. According to the Internet Society of China, an astonishing 353.8 billion spam messages were sent to the country’s mobile phone users in the last year – with almost 440,000 formal complaints in June 2008 alone. Although the problem is much smaller elsewhere in the world, Sophos has also identified SMS spam campaigns that have succeeded in clogging up phone lines in the US and Europe.
NICOLE KIDMAN AND ANGELINA JOLIE ENDANGER SAFETY OF COMPUTER USERS VIA EMAIL
Although most attacks are now taking place via infected websites, email continues to present a danger. It is common for cybercriminals to spam out links to compromised websites, often using a subject line and message to tempt computer users into clicking through the promise of a breaking news story or a lewd topic.
Attacks via email file attachments, however, have reduced in 2008. Only one in every 2,500 emails examined in the first six months of 2008 was found to contain a malicious attachment, compared to one in 332 in the same period of 2007. The Pushdo Trojan dominated the chart of most widespread malware spreading via email, accounting for 31 percent of all reports. Pushdo has been spammed out during the year with a variety of disguises. Some for example, have claimed to contain nude photographs of Hollywood stars Nicole Kidman and Angelina Jolie.
Corporate executives have been put at risk during the first six months of 2008 with targeted malware, designed to infect individuals at specific corporations rather than the internet community at large. In April, there was a specifically targeted malware campaign emailed to chief executive officers of various companies, all pretending to be subpoenas from US federal courts, trying to frighten hand-picked recipients into opening the dangerous attachment.
“This report makes it clear that the need for proper security has never been higher. Hackers are becoming more inventive in the way that they try and infect computers around the world – the motivation driving them to be creative in their attacks is the large amount of money at stake,” continued Cluley. “Businesses and home users need to bite the bullet and take better care of their computers, networks and websites – regardless of whether they are running Windows or not – or risk losing everything in a hack attack.”
About Sophos
Sophos enables enterprises worldwide to secure and control their IT infrastructure. Our network access control, endpoint, web and email solutions simplify security to provide integrated defenses against malware, spyware, intrusions, unwanted applications, spam, policy abuse, data leakage and compliance drift.
With over 20 years of experience, we protect over 100 million users in nearly 150 countries with our reliably engineered security solutions and services. Recognized for our high level of customer satisfaction, we have an enviable history of industry awards, reviews and certifications.
Sophos is headquartered in Boston, MA and Oxford, UK. More information is available at www.sophos.com.
Facebook
Twitter
LinkedIn
Delicious
Reddit
StumbleUpon
Digg
MySpace
Newsvine
Google Bookmark
Yahoo! Bookmark
Email
Email 
