I’ve talked here before about the change that has taken place in the nature of malicious software attacks against Internet users. In the early days of the ‘Net, the prototypical hacker was a socially- and hygienically-challenged adolescent (of whatever chronological age), who was seemingly motivated mainly by the thrill of doing something naughty — kind of like graffiti. Today, much of the malware that we see is directed toward frankly criminal ends: identity theft and fraud, industrial espionage, and theft. The technology used has changed, too. At one time, sending E-mails with malicious attachments was the most popular attack vector. Today, the malicious Web site serving “drive-by downloads” seems to be the method of choice.
There is a recent post on the ThreatPost blog, run by the security firm, Kaspersky Labs, which reports some sobering news. According to a survey conducted by Dasient, Inc., a supplier of Web security tools, there were more than one million Web sites serving malicious software, just in the second quarter of 2010. This amounts to about 1% of current Web sites, with .com and .cn being the most common top-level domains for the compromised sites. The authors of the report suggest that one factor enabling the rapid spread of Web-based malware is the reliance of many sites on third-party tools and widget, and the use of third-party advertising networks. This means that, if the Bad Guys can compromise one of the tool or ad suppliers, their attack can potentially be propagated to many other sites. Recently discovered flaws in Web development tools, like Microsoft’s ASP.NET and Sun’s Java Web Start, have also provided avenues for malicious attacks. The researchers also found that, just like much client software, server software is sometimes out-of-date or missing important security patches. The Bad Guys, of course, don’t really care who they hack as long as they can get the access they desire.
More details of Dasient’s findings are given in a post on their corporate blog. It’s worth a read.