Malware prominent on user-generated content websites

Malware has moved from the dark corner of the internet to more popular areas, such as online storage and open/mixed content sources.

Blue Coat Systems' 2011 web security report, which examines web behaviour and the malware to which users are most frequently exposed, found that malware hides in acceptable web categories.

The number of new online storage sites hosting malware increased by 13 percent, while the number of new open/mixed content sites hosting malware increased by 29 percent.

Dave Ewart, director of product marketing for Blue Coat, told SC Magazine that both of these categories typically fall within acceptable use policies for most companies, which could cause a problem when trying to avoid infection.

“If you asked some older users of the internet where you get viruses from they would say it is from pornography sites or online gambling and pornography is still popular as the area is dark and dangerous, but it is shocking that online storage went up by 13 per cent in a year, while open/mixed content mash-up sites went up by 29 per cent,” he said.

“Those websites typically do not get detected on a reputation-based system and user based reputation-based technology on a traditional system does not cut it anymore. This calls into question anyone who relies on reputation-based filtering and one of the technologies we offer is to scan in real-time to create a report on what is going on.”

The report, which analysed web requests from the Blue Coat WebPulse service, which rates nearly three billion requests in real-time on a weekly basis, also found that social networking sites are becoming more of a malware vector.

With social network phishing and click-jacking attacks two of the most common types of attacks on the likes of Facebook and Twitter thoughout 2010, the report said that the shift of phishing attacks to social networks is particularly driven by the attempt to obtain user credentials that can also provide access to banking, financial and other online accounts that use shared passwords.

Ewart said: “Social networking is now the second most requested category of website and we are also seeing that webmail applications are really suffering. It is obvious that traditional communications are falling as ‘generation Y' prefer to talk using Facebook.” 

Steve Daheb, chief marketing officer and senior vice president at Blue Coat, said: “Today, dynamic web links are the most powerful tool cyber crime has and static web ratings that require update cycles are too slow when the bad guys can harvest users within minutes.”

This article originally appeared at scmagazineuk.com