by Jameson Parker
Posted on September 11, 2009
IBM’s X-Force 2009 Mid-Year Trend and Risk Report says that there has been a tremendous increase of 508% in malicious web links over Internet during first half of 2009. The malicious content was found even on trusted sites, including search engines, blogs, bulletin boards, personal websites, online magazines, and mainstream news sites.
“There is no such thing as safe browsing today and it is no longer the case that only the red light district sites are responsible for malware. We’ve reached a tipping point where every Web site should be viewed as suspicious and every user is at risk. The threat convergence of the Web ecosystem is creating a perfect storm of criminal activity,” says X-Force Director Kris Lamb.
“The trends seem to reveal a fundamental security weakness in the Web ecosystem where interoperability between browsers, plugins, content, and server applications dramatically increase the complexity and risk. Criminals are taking advantage of the fact that there is no such thing as a safe browsing environment and are leveraging insecure Web applications to target legitimate Web site users.”
Vulnerabilities rate decreases by 8%
The number of new vulnerability disclosures in the first half of 2009 was 3,240, an eight percent decrease over the first half of 2008. This is at the lowest level in the past four years. The number of new, high severity vulnerability disclosures is down by nearly 30 percent in comparison to 2008. Sun replaces Microsoft as the top spot of vendor with the most vulnerability disclosures. When it comes to OS vulnerabilities, Sun Solaris surpassed Apple in terms of new OS disclosures.
Spam and Phishing
In the first half of 2009, 66 percent of phishing was targeted at the financial industry, down from 90 percent in 2008. Online payment targets make up 31 percent of the share. Analysts believe that banking Trojans are taking the place of phishing attacks geared toward financial targets. Online payment targets now make up 31 percent.
Malicious websites continue to flourish
The overall number of countries with at least one malicious link has significantly increased, up 80 percent over the entire year of 2008. The number of new malicious Web links increase by 508%. Malicious websites are opting new techniques to entice users to click on malicious links. Apart from Gambling and Pornography, Search Engines and Social Media Web sites like blogs and bulletin boards are also in the top categories of Web sites compromised or simply abused by attackers to host malicious links.
Trojans continue to take up a greater percentage of new malware
Trojans continue to take up an even greater percentage of the new malware discovered this year. They have increased by 9%, comprising 55 percent of all the new malware discovered in the first half of this year in comparison to 46 percent in 2008. Information-stealing Trojans are the most prevalent malware category.
Trends of Unwanted Internet Content
The report says that Unwanted or “bad” Internet content is associated with three types of Web sites: adult, social deviance and criminal. About 8% of current Internet comprises of unwanted content.
Conficker conflict
“Conficker was created by the cyber criminals as a platform for mass distributing any executable content they want – it can be an updated version of Conficker, and more importantly monetize this distribution platform by distributing other types of malware.
Blended threats such as Conficker will try to infiltrate systems using a number of possible means. Computers protected by weak passwords, unsecured shares and without latest security updates are more likely to be infested with Conficker worm. Infected removable devices (USBs and external hard drives) have high possibilities of spreading it.
This recent report from IBM exposes the dramatic increase in vulnerabilities and threats over Internet. It is a major concern this time where a vast percentage of businesses are shifting to Internet for transactions like marketing, selling, providing services, payments, etc. It also puts millions of Internet users at stake. It is high time for online businesses and Internet users to get aware of these threats and take precautions.
“There is no such thing as safe browsing today and it is no longer the case that only the red light district sites are responsible for malware. We’ve reached a tipping point where every Web site should be viewed as suspicious and every user is at risk. The threat convergence of the Web ecosystem is creating a perfect storm of criminal activity,” says X-Force Director Kris Lamb.
“The trends seem to reveal a fundamental security weakness in the Web ecosystem where interoperability between browsers, plugins, content, and server applications dramatically increase the complexity and risk. Criminals are taking advantage of the fact that there is no such thing as a safe browsing environment and are leveraging insecure Web applications to target legitimate Web site users.”
Highlights of the report include:
Vulnerabilities rate decreases by 8%
The number of new vulnerability disclosures in the first half of 2009 was 3,240, an eight percent decrease over the first half of 2008. This is at the lowest level in the past four years. The number of new, high severity vulnerability disclosures is down by nearly 30 percent in comparison to 2008. Sun replaces Microsoft as the top spot of vendor with the most vulnerability disclosures. When it comes to OS vulnerabilities, Sun Solaris surpassed Apple in terms of new OS disclosures.
Spam and Phishing
In the first half of 2009, 66 percent of phishing was targeted at the financial industry, down from 90 percent in 2008. Online payment targets make up 31 percent of the share. Analysts believe that banking Trojans are taking the place of phishing attacks geared toward financial targets. Online payment targets now make up 31 percent.
Malicious websites continue to flourish
The overall number of countries with at least one malicious link has significantly increased, up 80 percent over the entire year of 2008. The number of new malicious Web links increase by 508%. Malicious websites are opting new techniques to entice users to click on malicious links. Apart from Gambling and Pornography, Search Engines and Social Media Web sites like blogs and bulletin boards are also in the top categories of Web sites compromised or simply abused by attackers to host malicious links.
Trojans continue to take up a greater percentage of new malware
Trojans continue to take up an even greater percentage of the new malware discovered this year. They have increased by 9%, comprising 55 percent of all the new malware discovered in the first half of this year in comparison to 46 percent in 2008. Information-stealing Trojans are the most prevalent malware category.
Trends of Unwanted Internet Content
The report says that Unwanted or “bad” Internet content is associated with three types of Web sites: adult, social deviance and criminal. About 8% of current Internet comprises of unwanted content.
Conficker conflict
“Conficker was created by the cyber criminals as a platform for mass distributing any executable content they want – it can be an updated version of Conficker, and more importantly monetize this distribution platform by distributing other types of malware.
Blended threats such as Conficker will try to infiltrate systems using a number of possible means. Computers protected by weak passwords, unsecured shares and without latest security updates are more likely to be infested with Conficker worm. Infected removable devices (USBs and external hard drives) have high possibilities of spreading it.
This recent report from IBM exposes the dramatic increase in vulnerabilities and threats over Internet. It is a major concern this time where a vast percentage of businesses are shifting to Internet for transactions like marketing, selling, providing services, payments, etc. It also puts millions of Internet users at stake. It is high time for online businesses and Internet users to get aware of these threats and take precautions.
Cyber-Smarty.com website provides information on how to protect yourself online including dealing with online threats, online fraud and similar topics. It also provides information on new cyber threats and vulnerabilities. It provides cyber security tips / precautions to take while working with a computer and Internet. Essentially, helping you make smart choices on the Internet for your own safety.
Print This Article|
Send To A Friend|
RSS Feeds|Read More Related ArticlesCOMMENT ON THIS ARTICLE...
Post them now in our forums for quick, helpful advice from thousands of members!
SEO Articles
Internet Marketing Articles
Development Articles
General Articles
And also in our Archives
Internet Marketing Articles
Development Articles
General Articles
And also in our Archives
Drive traffic to your business and get recognized as an industry leader by sharing your knowledge on Site-Reference. Authors are given a wide range of exclusive benefits here at SR; so checkout what we can offer to those that…
We’re always on the lookout for new writing talent so even if haven’t written for the web yet, feel free to contact us anytime
We’re always on the lookout for new writing talent so even if haven’t written for the web yet, feel free to contact us anytime
Rob writes: Today I read another article on this site:
http://seo.site-reference.com/google-hijackers-from-crackers-check-your-htaccess/
The article gives some clues as to why I was getting fake search results on Google (mentioned by me in an earlier comment here) I have now looked at my htaccess file. I fear that a huge amount of traffic to my website has been diverted to other sites for the hacker's purpose.
8:18:56 Tue Nov 3 2009 CST
Rob writes: I've seen Google results showing 60% of results in the top 15 pages all being sites infected with malware.
My Genuine website is lost amongst this garbage!
The odd thing is Google lists them as "safe". On reading the descriptions under the headings - one can easily see that these sites have no relevant content other than the search term itself. It's easy to see Google's bots have no analytical powers at all, allowing every crappy web page to be listed as genuine. Bahh to Google for not taking some responsible action.
3:51:49 Thu Sep 17 2009 CDT
Rod writes: Thanks for the article! I am finding more emails form phishing sties that are trying to scam and get credit card and online payment log in information each and every day! I report them every time, but it doesn't seem to slow them down.
I wonder how many people fall for the fake website links?
thanks again I enjoyed reading this article!
8:40:16 Wed Sep 16 2009 CDT
Karl writes: As dan wrote, its a good article, though this is only going to get worse as the economy drives the people with the skills out of decent jobs in IT and into more seedier online activities to make a quick buck from the people who are a little less savvy than themselves.
The whole protocoll is floored and need's to be re-designed. Script kiddies launching DDoS attacks at big household name sites shouldnt be able to bring multimillion pount businesses to their knees.
Things need to change, in a big way.
9:38:21 Tue Sep 15 2009 CDT
kitty writes: Thanks.
The links don't work.
7:09:58 Tue Sep 15 2009 CDT
Dan writes: Thanks
good article but personally i think it's the crime of the future and there is little we can do about it.
3:44:53 Tue Sep 15 2009 CDT
Pages: 1