Security firm Finjan has warned that malicious code is more likely to be hosted on local servers in the US and UK than in countries with less developed electronic crime law enforcement policies.
The news follows the latest findings from Finjan's Malicious Code Research Centre (MCRC) in the form of its Web Security Trends Report for the first quarter.
Finjan analysed more than 10 million unique URLs based on live web traffic recorded in the UK. Ninety per cent of the URLs containing malicious code discovered in the study resided on servers located in the US or UK.
The security firm also noticed a continuing evolution in the complexity of attacks, specifically the increasing use of code obfuscation using diverse randomisation techniques.
More than 80 per cent of the malicious code detected by Finjan was obfuscated, making it virtually invisible to pattern-matching or signature-based methods in use by antivirus products.
There is also evidence of increasing sophistication in embedding malicious code within legitimate content, and less dependence on "outlaw servers" in unregulated countries.
"The results of this study shatter the myth that malicious code is primarily being hosted in countries where e-crime laws are less developed," said Yuval Ben-Itzhak, chief technology officer at Finjan.
"Our research shows that malicious content is much more likely to show up on a local server than one in Asia or Eastern Europe.
"Unfortunately this means that the traditional location-based reputation heuristics are increasingly ineffective against modern attacks."
Finjan found that advertising is the leading category for URLs containing malicious code, representing 80 percent of all instances.
Attackers have discovered that the multiple parties involved, and the complex structure of business relationships in online advertising, make it relatively easy to inject malicious content into generally legitimate ad delivery streams.
E-crime soars in developed countries
By Clement James on Mar 28, 2007 2:06PM