Compromised legit sites power hack attacks

Trust no one

Surfers with vulnerable PCs are increasingly being infected simply by visiting everyday websites, due to a change in hacker tactics.

Drive-by downloads and targeted attacks, rather than internet worms, have become the favourite attack mechanism, according to the latest edition of Symantec's Internet Threat Report, which gives a comprehensive run-down on prices in the underground economy.

In the past, users had to visit intentionally malicious sites or click on malicious email attachments to become the victim of a security threat. These days, hackers are compromising legitimate websites and using them as a distribution medium to attack home and enterprise computers. Social networking sites such as MySpace and Facebook are a popular target for such attacks, Symantec reports.

Attackers are exploiting site-specific vulnerabilities, which can then be used as a means for launching other attacks. During the last six months of 2007, there were 11,253 site-specific cross-site scripting vulnerabilities reported on the net. However, only 473 (about four per cent) of them had been patched by the administrator of the affected website during the same period, representing an enormous window of opportunity for hackers looking to launch attacks.

Stephen Trilling, vice president of Symantec Security Technology and Response, said safe computing tips such as avoiding the "dark alleys of the internet" are now redundant.

"Today's criminal is focused on compromising legitimate websites to launch attacks on end-users, which underscores the importance of maintaining a strong security posture no matter where you go and what you do on the internet."

In 2007, Symantec detected 711,912 new threats compared to 125,243 in 2006 – a greater than five-fold increase. The total number of malicious code threats detected by Symantec now exceeds one million, reaching 1,122,311 by the end of 2007. The creation of malware outnumbered the release of legitimate apps for the first time during the second half of 2007. Two thirds (65 per cent) of the 54,609 unique applications released in 2H07 were malicious.

Symantec reckons the majority of malware attacks are geared towards harvesting confidential end user information that can then be used for identity fraud, rather than aiming to gain control of compromised PCs. Two thirds (68 per cent) of the most prevalent malicious threats reported by Symantec attempt to compromise confidential information.

Attackers are using a maturing underground economy to buy, sell, and trade stolen information. This economy is now characterised by a number of traits common in traditional economies. For example, market forces of supply and demand have a direct impact on pricing.

Credit card information, which has become plentiful in this environment, accounted for 13 per cent of all advertised goods, and is selling for between $0.40 and $20. The price of a credit card in this underground market is determined by factors such as the location of the issuing bank. Credit cards from the European Union, for example, cost more than those from the US.

Bank account credentials have become the most frequently advertised item, making up 22 per cent of all goods and selling for as little as $10. Compromised eBay accounts fetch anything from $1 to $8.

Phishing also continues to be a problem. In the last six months of 2007, Symantec observed 87,963 phishing hosts – computers that can host one or more phishing websites. Four in five of the brands targeted by phishing attacks during the study period were in the financial sector.

Theft or loss of a computer or other device made up 57 per cent of all data breaches during the last half of 2007 and accounted for 46 per cent of all reported breaches over the period. Government was the top industry sector for identities exposed, accounting for 60 per cent of the total. ®
