IT Jobs
The Internet is the new Wild West reports IBM consultant
Paranoid? Perhaps everyone is out to get you
By Subatra Suppiah
Published: 21:48 GMT, 11 September 09
"The Internet has finally taken on the characteristics of the Wild West where no one is to be trusted," said Sukhdev Singh, senior security consultant and regional X-Force expert, IBM Internet security systems, IBM ASEAN.
He was referring to the results of the tech giant's X-Force 2009 Mid-Year Trend and Risk Report. The report found that there has been a 508 per cent increase in the number of new malicious Web links discovered in the first half of this year. This problem is no longer limited to malicious domains or untrusted websites. The report notes an increase in malicious content on trusted sites, including popular search engines, blogs, bulletin boards, personal websites, online magazines and mainstream news sites.
"Safe browsing does not exist in today's cyberspace; neither is it only the red light district sites, such as gambling and pornographic sites, that are responsible for malware," Sukhdev added. "Search engines and social media websites like blogs and bulletins are also top categories of websites compromised now. We've reached a point where every website should be viewed as suspicious and every user is at risk. The threat convergence of the Web ecosystem is creating a perfect storm of criminal activity."
Storm Trojan returns to break records | Many top companies still infected with Conficker | Experts bicker over Conficker numbers | Adobe users face week of exploit angst
Insecure Web applications
Web security is no longer just a browser or client-side issue; criminals are leveraging insecure Web applications to target the users of legitimate websites. The X-Force report found a significant rise in Web application attacks with the intent to steal and manipulate data and take command and control of infected computers.
On taking responsibility, Sukhdev points to application developers, not the operating system or Web server vendors, for allowing their codes to be easily compromised. "Web application developers are not doing the necessary pre-release code checks," he said.
Phishing decreased dramatically in the first half of 2009 due to the shift away from financial targets, the report also found. Analysts believe that banking Trojans are taking the place of financial targets that were typically phished in the past, said IBM. Last year, phishing volume was, on average, 0.5 per cent of the overall spam volume. In the first half of 2009, this figure decreased dramatically to only 0.1 per cent.
Top 10 phishing urls by country of origin
1. US: 17.1 per cent
2. Romania: 14.3 per cent
3. China: 13.8 per cent
4. South Korea: 13.2 per cent
5. UK: 5.1 per cent
6. Canada: 5 per cent
7. Russia: 4 per cent
8. Japan: 3.4 per cent
9. Singapore: 2.6 per cent
10. Poland: 2.1 per cent
The report also found that:
• Vulnerabilities have reached a plateau.
• PDF vulnerabilities have increased.
• Trojans account for more than half of all new malware.
• Phishing has decreased dramatically.
• URL spam is still number one, but image-based spam is making a comeback.
• Nearly half of all vulnerabilities remain unpatched.
.gif)
Add your commentComments
ArmoredPenguin | Published: 11:11 GMT, 20 September 2009
I agree with David Tangye. The problem is the way Windows allows the browser full access to the system. One drive-by download (without user interaction) is all it takes to be owned. I like Googles idea of sandboxing Chrome, but I don't think it is enough in itself. There are third-party solutions to sandbox a browser in Windows, but the average Joe isn't going to know how to do this. With a *nix machine, it is all pretty much done out of the box.
David Tangye | Published: 13:31 GMT, 14 September 2009
Yet again, clueless comments by clueless morons in institutions. Your problem is Microsoft Windows, not the internet. Linux machines are secure and cannot get damaged beyond the user due to a more secure architecture, where 'root' is god, not the Windows system kernel process.