IBM finds sharp spike in malicious content on trusted sites

Latest midyear trend report finds users being bombarded with malicious Web links. Attackers target trusted search engines, blogs and mainstream news sites to pass malicious code.

The most trusted websites, such as search engines, mainstream news sites and some blogs, are increasingly at risk of hosting malicious links that pass malicious code to their visitors, according to the latest data collected by researchers with IBM's X-Force security team.

Big Blue's "X-Force 2009 Mid-Year Trend and Risk Report" outlines a sharp increase in new malicious Web links and consistent attacks against Web applications that could undermine the security of some database servers.

Kris Lamb, director of IBM's X-Force team, said users who stay away from "red light district" sites are still at risk, as more trusted sites have been found to host malicious code used in drive-by attacks.

"We've reached a tipping point where every website should be viewed as suspicious and every user is at risk," Lamb said in a statement. "The threat convergence of the Web ecosystem is creating a perfect storm of criminal activity."

Trusted websites hosting links that lead to malicious webpages could be linked to a rise in Web exploit toolkits, IBM said. Once a person browses to a site hosting the toolkit, it can deliver all of its exploits at once or select specific exploits based on the visitor's referring URL, browser cookies or geographic location.

The Internet security threat report noted a 508% increase in the number of new malicious Web links discovered in the first half of 2009. The number of countries hosting malicious URLs has also risen sharply since 2006. While gambling and pornography websites continue to harbor the most malicious content, they are followed closely by personal homepages and search engines.

Attackers are also increasingly targeting trusted news sites, blogs, bulletin boards and education websites, which were also identified as favorite spots for attackers to plant malicious code.

"The [malicious links] distribution is probably more representative of the types of websites that attackers like to frequent in hopes of finding a loop-hole (like a vulnerability or an area that allows user-supplied content) in which they can incorporate these malicious links in hopes of compromising an unsuspecting victim," IBM said in its report.

Although vulnerability disclosures of SQL injection and ActiveX vulnerabilities are declining, according to IBM, attackers are still targeting the flaws in increasing numbers. SQL injection attacks -- the method used by hackers suspected in the Heartland Payment Systems Inc. breach -- rose 50% from the final quarter of 2008 to the first quarter of 2009. IBM said SQL injection attacks spiked again this spring, jumping 46% in April and 76% in May.

Many SQL injection vulnerabilities were discovered in 2008 when attackers turned to automated tools to discover flaws and exploit them on live websites, IBM said. The Trojan Asprox used search engines to automatically test websites for the vulnerabilities.

"For many security administrators and researchers, these automated tools put increased pressure on them to find SQL injection vulnerabilities before the attackers do," IBM said in its report.

Trojans, designed to steal data, log keystrokes and download additional malware, continue to dominate all new malware, according to the report. In the first half of 2009, Trojans comprised 55% of all new malware, a 9% increase over the first half of 2008. Information-stealing Trojans are the most prevalent malware category, IBM said. Backdoors, which enable a remote attacker to log on and execute commands on an affected system, ranked second at 21%.

The IBM security researchers said publicly available toolkits could be fueling the increase in Trojans and backdoors.

"This trend is expected to continue since these toolkits are very easy to use, and from a malicious user's perspective, he/she just needs to get the 'job' done without much technical investment on their part," IBM said.
