Study finds huge rise in malware this year

Malware has risen by 278 percent so far this year according to ScanSafe.

Malware has risen by a staggering 278 percent in the first half of 2008, thanks in part to the large number of websites compromised last month, according to a new study by ScanSafe. And it warns that things are only going to get worse, especially after Dan Kaminsky goes public with details about his 20-year-old DNS vulnerability.

The ScanSafe Global Threat report is a study of more than 60 billion web requests that ScanSafe has scanned, as well as 600 million web threats it has blocked from January through June 2008 on behalf of corporate customers worldwide.

The report found that web-based malware increased 278 percent during this period. This was in part due to large websites such as Wal-Mart, Business Week, Ralph Lauren Home, and Race for Life being compromised in June by SQL injection attacks.

Less than a year ago, web surfers were more at risk from social engineering scams and rogue third-party advertisers. The outright compromise of legitimate websites was relatively rare, and when compromises did happen, they were fairly obvious cases such as website defacements.

But now the target is the site visitor rather than the website itself. ScanSafe says that, unlike defacement, the signs of compromise are not readily apparent, as the attacks are deliberately crafted to avoid casual observation.

"Today, compromises of legitimate websites are occurring en masse and in nearly all cases there are no readily visible signs of the attacks," the security expert warns.

A large number of these SQL injection attacks were detected back in March this year. Then in April, attacks on legitimate web domains, including some belonging to the United Nations, expanded dramatically. In June, ScanSafe found that SQL injection attacks accounted for 76 percent of all compromised sites.

Indeed, Microsoft and Hewlett-Packard launched free tools in June to help web developers and site administrators defend against the rapidly growing number of SQL injection attacks.

ScanSafe says the increasing numbers of these attacks on legitimate websites can be blamed on automated attack tools, which became freely available in the last months of 2007.

"The mass compromise of websites poses a particular challenge to corporate users," said Mary Landesman, senior security researcher, ScanSafe. "The impacted websites are typically known, legitimate, and trusted sites with a business purpose. These are sites that users visit frequently and the attacks are so stealthy and unobtrusive, that most visitors don't know that they've been infected."

"SQL injection attacks, an exploit in which the attacker adds Structured Query Language (SQL) code to a web form input box to gain access to resources or make changes to data, have rapidly become the most common form of website compromise, outpacing all other types of compromise by 212 percent."

Besides the SQL injection attacks, ScanSafe also found that password stealers and backdoor Trojans are the most commonly blocked malware. This category of malware increased from 4 percent of malware in January to 27 percent in June.

And according to Landesman, things could be about to get a lot worse.

"It is already bad," she told Techworld, "but we have seen from a study we carried out in May 2007 and then again in May 2008, that the number of DNS exploits has increased 1392 percent since May 2007."

"But we are still talking about relatively small numbers, so this was put on our watch list," she said. "However, a number of things have occurred since May that give me cause for greater concern," she added, pointing to the mass DNS patch of last week across a huge section of the industry.

She is especially worried about the 20-year-old DNS vulnerability that has been discovered by Dan Kaminsky, and which he will make public in August.

"Once details of that vulnerability are released, there will be huge interest in the attack community to exploit it," said Landesman. "Industry concern is huge at the moment. A user could open their browser, type in '', and then trust the website that they are directed to."

"But if a user's DNS is poisoned, the site may look identical to Google but every link could be to fraudulent sites," she warned. "If the DNS is poisoned, and you try to log onto your bank account, it could direct you to a look-alike site, and then as you try to login, it sends the password details to the real site, and your attacker can now log onto your bank account."

Landesman does not believe that Kaminsky's DNS vulnerability discovery is a publicity stunt. "He entrusted two others who criticized him to take a look at the vulnerability. They did and then they both posted retractions and said it was a very serious flaw."

Landesman feels that while there has been a huge increase in raw numbers of these attacks, they are still low, but after August this will change.

"If you own someone's DNS, you own everything they do online," she warned. "After the DNS disclosure it may be a very dark time. The clock is ticking for IT administrators to secure their networks."

"We strongly encourage them to consider their web security as a primary focus," she said. "They should assess their web security, and take steps to ensure that users, when browsing the web, are not serving as a conveyor belt of malware exploits."


Tom Jowitt