BizReport : Internet : April 01, 2009

MessageLabs: March sees big rise in malicious websites

Almost 3,000 potentially malicious websites were blocked each day by MessageLabs during March this year. That's almost three times the number blocked during February.

by Helen Leggatt

Cyber crooks are changing tactics and focussing their malevolence on web servers and SQL injection attacks, says MessageLabs' senior analyst, Paul Wood. However, the amount of email containing links to malicious sites in March reached the highest level since June last year, up 16.5%.

While the problem is a global concern, the worst affected areas were throughout Asia-Pacific with Australia, Hong Kong, China, India and Japan receiving the highest amount of spam.

An iconic virus, Melissa, turns 10 years old this year. A decade ago, this virus was credited with being the first to make use of botnets and even today, MessageLabs still encounters about 10 occurrences of the virus each month.

"Melissa was the virus equivalent of the supermodels from the 90's, known by one name and iconic within the industry," said Alex Shipp, senior director at MessageLabs. "This was the first attack of this magnitude and I remember that when the numbers reached the hundreds within the first hour of stopping Melissa, which were significant levels in 1999, we knew the threat landscape had changed evermore."

Since intercepting the virus in March 1999, MessageLabs' Anti-Virus service has stopped 108 different strains and more than 100,000 copies of the virus, claims the company.

Google has also noticed the return to pre-McColo spam rates, saying that spammers have almost fully recovered from the shutdown of the notorious web-hosting firm.

Tags: botnet, mal-ware, malicious websites, McColo, Melissa, MessageLabs, spam, spammers, virus


  • Google has been reporting that some new website-infecting SQL injection attacks hit 450,000 urls a day. Most of the SQL injections involve .php urls.

    Cybercriminals are spreading invisible infections far and wide across the Internet by hammering hundreds of thousands of websites each day with so-called SQL injection attacks.

    The trend started in the summer of 2007 and has continued to accelerate. IBM Internet Security Systems says it has identified 50% more infected web pages in fourth quarter 2008 than it did in all of 2007.

    If you click on an infected .php url your laptop or pc gets turned into an obedient "bot," short for robot, deployed to attack other computers. All of your sensitive data often gets stolen.

    SQL attacks take aim at the database layer of websites. They typically are manual attacks designed to pilfer customer data from merchant websites.

    In June 2007 a hacker figured out how to automate the attacks, and use them to plant infections. An infected PC thereafter gets put to work delivering spam and spreading more infections. And any sensitive data, such as log-ons and account numbers, often get stolen.

    In the first five months of 2008 IBM ISS helped many large corporations block about 5,000 SQL attacks a day. By mid-June, daily attacks spiked to 25,000; by October they topped 450,000 a day.

    Security experts say consumers must keep updates for anything to do with their browser current, though most now do not do this. This includes updates for Internet Explorer, Firefox, Safari, Opera, Chrome, Adobe Flash, Adobe Reader, iTunes, QuickTime, Windows Media Player and RealPlayer. Such updates increasingly include important security patches that can block infections from taking hold.

  • It would be a good idea to list malicious websites and email addresses of people who send derogatory and libellous comments to clients and similar under anonymous names. We have had this happen to us and I am more than positive that this was a disgruntled ex-employee who we were forced to lay off due to the downturn in the economy. We had always prided ourselves on being open with our employees but it obviously worked against us! Anyway the result was several of our clients cancelled work because they thought we were going to be unable to continue with the service we offered! So instead of giving us the chance to rebuild this ignorant anonymous emailer actually caused an even worse scenario! It takes a subpoena to find out who owns the email address. So it would be great if we could develop a website where anyone could refer to a list of suspect addresses including bogus websites. As soon as one is recognised it could be added? Of course this has to be done on a very open basis whereby the initiator must disclose all details of themselves for obvious reasons!


