Compromised legit sites power hack attacks

Surfers with vulnerable PCs are increasingly infected simply by visiting everyday websites, due to a change of hacker tactics. Drive-by downloads and targeted attacks, rather than internet worms, have become the favourite attack mechanism, according to the latest edition of Symantec's Internet Threat Report, which gives a …


This topic is closed for new posts.

The plan is working

Looks like the UK government's secret plan of flooding the personal data black market is doing a good job; the prices are dropping like stones. They're taking the open source initiative a bit far in applying it to personal data, though.


Some days you're the grasshopper...

...some days you're the ant.

It's hard to know where to place the blame for this. I see a lot of compromised legitimate Web sites, most of which redirect to the same small list of hostile servers (invariably hosted in Eastern Europe, of course). On a good day, the malware writers can plant upwards of 200,000 malicious redirectors on legitimate Web sites.

Most often, I see these attacks compromising sites run by lazy, careless, ignorant, or indifferent Webmasters. Outdated, insecure versions of phpBB, osCommerce, and phpNuke are used to subvert legitimate Web sites so often I cringe every time I see them, and blame in such cases clearly falls on the Web site owners themselves. (Webmasters who install these scripts: for the love of God, keep on top of security updates!)

In other cases, the ISPs have security problems on their servers that allow attackers to compromise every single Web site hosted on their servers at will (iPower, I'm looking at you here). Hard to know if these ISPs are indifferent, or if some employee on the inside is making money to look away.

And that's not even counting those Web sites--many of whom are run by folks who should know better--that provide places for people to enter information (like guestbooks and that sort of thing) who don't sanitize the input and filter out HTML; those folks are just begging to have their Web sites hijacked.


"We're not in the business of scaring people." -- Symantec

So, where did Symantec pull these numbers from, eh? Are they pulling them from the same servers that automatically delete virus data to avoid filling up hard disks?

I'm also reminded of an age-old question: "Would umbrella manufacturers predict good weather?"

Symantec won't tell you how to avoid having your computer compromised by a compromised web site, though. I'll tell you how, but you'll have to wade through a bunch of anti-anti-virus commentary to read it. :-) It's not in Symantec's best interests to let their customers have better protection, even though their customers probably have it already.

The total number of malicious code threats

Was undoubtedly obtained by making sure that every single bit variation of a given virus was counted as another threat. Which is a great idea when there are programs out there that can package you a malware suite based on one or a few selected virii and automagically include some minor variations - some of which can probably be parameter-based.

Ah, the wonderful value of the security market - you can pull any number out of thin air, nobody is going to take you to task to prove your figures, and nobody really knows what is going on anyway.

Except the criminals. They most likely know exactly how many virii of what kind they have sent out, and what the impact is.

Pity that they're never the ones answering the surveys.


