Larry Bridwell, global security strategist for AVG said when he first came into this industry in the mid 90s everybody knew that if they went to a site which downloaded cracked software there was a possibility of getting something bad.
But today, “how many of you would think that if you went to the Bank of India site you will get malicious software downloaded? How many would think that if you Googled, Better Business Bureau, you would have 140 variants of malware downloaded onto your machine and this from taking the top pick from Google Adwords?” Bridwell asked.
“The past four years web-based threats have emerged to be the most malicious,” he added.
Agreeing, Raimund Genes, CTO at Trend Micro said that web based threats are a major security concern and he predicted so last year.
“My threat prediction last year was that by 2008 web threats will serve as the number one threat vector. Reason for this is because it’s more attractive for the bad guys."
Blaming the current high use of anti-spam technology, Genes said attackers can find more success with web-threats.
“They know that almost every enterprise has an anti-spam solution and has an anti-virus solution. While almost everybody protects email almost no body protects users from surfing the web," he said.
Highly publicised breaches that have occurred throughout this year include the hacking of the Dolphin Stadium website just days before the NFL Super League clash was to be held there.
Bridwell said: “Sports fans which go online just to check on their team are getting infected. No clicks, just reading. The awareness issues fall into place for the end-user cause they don’t see a difference and yet the difference is there.”
In Australia earlier this month, a majority of Sensis websites including Whitepages, Telstra Bigpond and Yellowpages had to remove advertising on their site after a local security professional and Microsoft MVP discovered malicious malware embedded in the ads.
"We’re finding the code that’s being written today and over the last several years has one purpose and one purpose only – that is to steal something," said Bridwell.
He added that the game today is coming primarily out of Russia and China involving millions of dollars.
Sean Richmond, senior technology consultant at Sophos A/NZ said, the best protection against these threats is to have updated internet security software and patches.
Warning: Number one malicous threat for 2008, Web threats
By Negar Salek on Nov 23, 2007 3:25PM