Web site threats rocket

Powered by SC Magazine

The threat to firms of their Web sites being hacked has risen dramatically, according to new research from web security vendor ScanSafe.

The security software-as-a-service provider reported that 68 percent of all Web-based malware it blocked on behalf of its enterprise customers last month was found on legitimate sites, up more than 407 percent compared to the same time last year.

SQL injection attacks are the most common cause of these sites became compromised, according to ScanSafe. This method of attack is designed to deliver "password stealers and backdoors to visitors’ computers", the firm said.

“The criminals are leveraging the popularity of these web sites - when you compromise a site drawing hundreds of thousands of visitors a day it's a much faster way to reach [a large audience]," said ScanSafe senior researcher, Mary Landesman.

"In terms of what IT managers can do for theri own web servers; OWASP is an open web app security project offering tools and technologies to assist the web site owner."

In related security news, Raimund Genes, chief technology officer of Web security vendor TrendMicro, has hit out at current malware testing techniques, labeling them "antiquated".

The firm has said it will no longer support testing by Virus Bulletin – regarded as one of the premier independent testers in the anti-virus industry – because of the organisation's failure to recognise modern testing techniques such as behavioural analysis and heuristics.

He added that widespread testing methodologies such as pattern matching and whitelisting are not effective in detecting modern day threats, which are ever-changing and more covert.

"Testing procedures and methodologies were developed twenty years ago when incidents were isolated and viruses were written for fun," Genes argued.

"As long as malware is tested in an isolated lab environment with no internet connection, it is not relevant – security companies want independent testing in real-life scenarios."

Genes explained that the major security vendors which are members of industry body the Anti Malware Testing Standards Organisation (AMTSO), are currently working towards new testing methodologies.

itweek.co.uk @ 2010 Incisive Media

Top Stories
Windows 10 lands in Australia
Campaign to get business to upgrade kicks off.
NSW to build its own myGov
Service NSW digital profiles available by September.
Android bug leaves a billion phones open to attack
Hackers only need phone number to target devices.
Sign up to receive iTnews email bulletins
Latest Comments
Should law enforcement be able to buy and use exploits?

   |   View results
Only in special circumstances
Yes, but with more transparency