Report: Mainstream Websites Host Majority of Malware

While Android malware continues to grow faster than other malware types, it still accounts for only a minute fraction of all malware on the Web, according to Cisco’s annual security report released this week. Compromised websites hosting malicious Java and iFrame attacks and other malware far and away outpace all other delivery vectors for malware, Cisco’s report said.


“These types of attacks often represent malicious code on ‘trusted’ webpages that users may visit every day— meaning an attacker is able to compromise users without even raising their suspicion,” the report added.

Infecting benign sites with malware remains at the heart of malware propagation, as attackers continue to find great success delivering malware over infected banner ads on websites, malicious media files, or redirects via injected iFrames.

“Web malware encounters occur everywhere people visit on the Internet—including the most legitimate of websites that they visit frequently, even for business purposes,” said Mary Landesman, senior security researcher with Cisco. “Indeed, business and industry sites are one of the top three categories visited when a malware encounter occurred. Of course, this isn’t the result of business sites that are designed to be malicious.”

Malicious scripts, including iFrame attacks, accounted for 83 percent of attacks, Cisco said. Exploits delivered malware in almost 10 percent of attacks, followed by data-stealing malware, downloaders, worms and viruses.
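The injected iFrames and obfuscated scripts described above are usually easy to spot once you look at the served HTML: the iFrame is one pixel square or hidden with CSS, and the script is a run of escape sequences handed to eval/unescape. The scanner below is an added example, not code from the Cisco report; the sample page, the 203.0.113.7 address and the detection thresholds are constructed for illustration.

```python
"""Flag hidden iframes and obfuscated scripts in fetched HTML.

Added example, not code from the Cisco report. The heuristics below
(iframes that are tiny or hidden with CSS, script bodies that are mostly
escape sequences fed to eval/unescape) match the injected-iframe and
malicious-script encounters the article describes. The sample page and
the 203.0.113.7 address are constructed for illustration.
"""
import re
from html.parser import HTMLParser

# Constructed sample: a normal page with an injected hidden iframe and an
# obfuscated script appended after </html>, where injections often land.
SAMPLE_HTML = """<html><head><title>Widgets Inc</title>
<script src="/js/app.js"></script></head>
<body><h1>Welcome</h1>
<iframe src="https://www.youtube.com/embed/abc" width="560" height="315"></iframe>
</body></html>
<iframe src="http://203.0.113.7/in.php" width="1" height="1" style="visibility:hidden"></iframe>
<script>eval(unescape("%64%6f%63%75%6d%65%6e%74%2e%77%72%69%74%65%28%22%3c%69%66%72%61%6d%65%22%29"))</script>
"""

PIXELS = re.compile(r"^\s*(\d+)\s*(?:px)?\s*$")
HIDDEN_CSS = re.compile(r"visibility\s*:\s*hidden|display\s*:\s*none|(?:left|top)\s*:\s*-\d{3,}", re.I)
ESCAPES = re.compile(r"%[0-9a-f]{2}|\\x[0-9a-f]{2}|\\u[0-9a-f]{4}", re.I)
DECODERS = re.compile(r"\b(eval|unescape|fromCharCode|atob)\b")


def _tiny(value):
    """True for width/height attributes of 2px or less (1x1 is the classic)."""
    m = PIXELS.match(value or "")
    return m is not None and int(m.group(1)) <= 2


def _obfuscated(body, min_density=0.3):
    """Script body that decodes data at runtime and is mostly escape sequences."""
    if not body or not DECODERS.search(body):
        return False
    escaped = sum(len(m) for m in ESCAPES.findall(body))
    return escaped / len(body) >= min_density


class InjectionScanner(HTMLParser):
    """Collects (kind, detail, reason) findings while parsing."""

    def __init__(self):
        super().__init__()
        self.findings = []
        self._script = None  # buffer while inside <script>...</script>

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "iframe":
            reasons = []
            if _tiny(a.get("width")) or _tiny(a.get("height")):
                reasons.append("tiny dimensions")
            if HIDDEN_CSS.search(a.get("style") or ""):
                reasons.append("hidden via CSS")
            if reasons:
                self.findings.append(("iframe", a.get("src") or "", "; ".join(reasons)))
        elif tag == "script":
            self._script = []

    def handle_data(self, data):
        if self._script is not None:
            self._script.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._script is not None:
            body = "".join(self._script)
            self._script = None
            if _obfuscated(body):
                self.findings.append(("script", body[:60] + "...", "eval of escaped payload"))


def scan(html):
    """Return the list of suspicious iframes and scripts found in html."""
    parser = InjectionScanner()
    parser.feed(html)
    parser.close()
    return parser.findings


if __name__ == "__main__":
    for kind, detail, reason in scan(SAMPLE_HTML):
        print(f"{kind:7} {reason:25} {detail}")
```

Run it over pages fetched from your own sites on a schedule and diff the findings against the previous crawl; the visible YouTube embed is ignored, while the 1x1 hidden iFrame and the escaped eval payload are both reported. Attackers vary the encoding, so treat the density threshold as a starting point, not a verdict.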

Dynamic content on mainstream websites represented 18.3 percent of the delivery mechanisms exploited by malware. Online syndicated advertising was next, followed by business and industry websites, gaming sites, web hosts, and search engines and portals.

“The majority of encounters happen in the places that online users visit the most—and think are safe,” the report said.

Despite the explosion of Android malware, mobile malware accounted for less than half a percent of all malware encounters, according to the report. Malicious applications deliver the majority of mobile malware, particularly on the Android platform. Most mobile security incidents occur because users either root or jailbreak their devices or install applications from untrusted third-party app stores.

As the recent spate of zero-day vulnerabilities in Java showed, attackers find it most efficient to target cross-platform technologies such as Java, or widely installed third-party software such as Adobe Flash or Reader. The availability and ease of use of exploit kits make it that much simpler for attackers to deliver malware. In the Cisco report, Java accounted for 87 percent of exploits reported in the survey, dwarfing the number of PDF, Flash and ActiveX attacks.

“With over three billion devices running Java, the technology represents a clear way for hackers to scale their attacks across multiple platforms,” the report said.

Mirroring a similar state-of-the-industry report released this week by Arbor Networks, Cisco identified distributed denial of service attacks as another means of disrupting online services. Hacktivists involved in the banking DDoS attacks of late 2012 in particular targeted DNS infrastructure with amplification and reflection attacks. These attacks use DNS recursive resolvers to increase how much attack traffic is sent to a victim, the report said: the attacker sends small queries with the victim’s address forged as the source, and open resolvers reply to the victim with answers many times larger than the queries.
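From the resolver operator’s side, reflection abuse leaves a distinctive trace: one "client" address, actually the victim, keeps receiving bulky answers to queries it never sent. The script below, an added example and not code from the Cisco or Arbor reports, aggregates a resolver query log per client and flags addresses whose answer bytes dwarf their query bytes. The log format and the RFC 5737 addresses are constructed for illustration; the thresholds are assumptions to tune per resolver.

```python
"""Spot DNS reflection and amplification abuse in a resolver's query log.

Added example, not code from the Cisco or Arbor reports. In a reflection
attack the attacker sends small queries with the victim's address forged as
the source, so an open recursive resolver delivers its much larger answers
to the victim. Seen from the resolver, the "client" is the victim: one
address repeatedly receiving bulky answers (ANY, TXT, DNSSEC records) it
never asked for. The log format and RFC 5737 addresses are constructed.
"""
from collections import defaultdict

# Constructed log: timestamp client qtype qname request_bytes response_bytes
SAMPLE_LOG = """\
2012-12-18T10:00:01 198.51.100.9 ANY example.net 64 3223
2012-12-18T10:00:01 198.51.100.9 ANY example.net 64 3223
2012-12-18T10:00:01 198.51.100.9 ANY example.net 64 3223
2012-12-18T10:00:02 192.0.2.5 A www.example.com 45 61
2012-12-18T10:00:02 198.51.100.9 ANY example.net 64 3223
2012-12-18T10:00:02 203.0.113.50 ANY example.net 64 3223
2012-12-18T10:00:03 192.0.2.5 AAAA www.example.com 45 73
2012-12-18T10:00:03 198.51.100.9 ANY example.net 64 3223
2012-12-18T10:00:04 192.0.2.5 MX example.com 40 98
2012-12-18T10:00:04 198.51.100.9 ANY example.net 64 3223
"""

# Record types whose answers are large relative to a ~60-byte query.
BULKY_QTYPES = {"ANY", "TXT", "DNSKEY", "RRSIG"}


def parse(log):
    """Yield (client, qtype, req_bytes, resp_bytes) for each well-formed line."""
    for line in log.splitlines():
        fields = line.split()
        if len(fields) != 6 or line.startswith("#"):
            continue
        _, client, qtype, _, req, resp = fields
        yield client, qtype, int(req), int(resp)


def per_client(log):
    """Aggregate query count, bytes in/out, bulky-type count and amplification ratio."""
    stats = defaultdict(lambda: {"queries": 0, "req_bytes": 0, "resp_bytes": 0, "bulky": 0})
    for client, qtype, req, resp in parse(log):
        s = stats[client]
        s["queries"] += 1
        s["req_bytes"] += req
        s["resp_bytes"] += resp
        if qtype in BULKY_QTYPES:
            s["bulky"] += 1
    for s in stats.values():
        # Amplification factor as the resolver delivers it to this address.
        s["ratio"] = s["resp_bytes"] / s["req_bytes"]
    return dict(stats)


def suspects(log, min_ratio=10.0, min_queries=5):
    """Clients receiving answers at least min_ratio times larger than their
    queries over at least min_queries queries. The volume floor keeps a
    single legitimate ANY lookup from being flagged."""
    return sorted(c for c, s in per_client(log).items()
                  if s["queries"] >= min_queries and s["ratio"] >= min_ratio)


if __name__ == "__main__":
    for client, s in per_client(SAMPLE_LOG).items():
        print(f"{client:14} queries={s['queries']:2} bulky={s['bulky']:2} ratio={s['ratio']:.1f}")
    print("likely reflection victims:", suspects(SAMPLE_LOG))
```

In the constructed log 198.51.100.9 receives roughly 50 bytes of answer for every byte of query across six ANY lookups and is flagged, while the ordinary A/AAAA/MX client and the single ANY query from 203.0.113.50 are not. Flagged addresses are victims, not attackers, so the response is to stop being a reflector: restrict recursion to your own networks and rate-limit responses per destination rather than block the flagged address.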

“We are seeing a trend in DDoS, with attackers adding additional context about their target site to make the outage more significant,” says Cisco’s Gavin Reid. “Instead of doing a SYN flood, the DDoS now attempts to manipulate a specific application in the organization—potentially causing a cascading set of damage if it fails.”

The average throughput of DDoS attacks went up 27 percent to 1.57 Gbps, which shows how much of an anomaly the attacks against the major banks were: those topped out at 100.84 Gbps, Cisco said, and lasted upwards of 20 minutes at a time. The attackers there were also able to fire bad traffic simultaneously at different targets, another rarity in DDoS attacks.

Other noteworthy trends mentioned in the Cisco report:

  • Spam was down 18 percent worldwide, with India, the United States and Korea the top three originators of spam messages;
  • The top spoofed brands, in order: prescription drugs, luxury watches, credit cards, business reviews and professional networks;
  • 91 percent of young consumers believe the age of privacy is over; one-third are not concerned about data about them that is captured and stored;
  • 45 percent of young consumers believe their online identity is different from their offline identity; only eight percent believe the two are the same;
  • Large companies with more than 25,000 employees are 2.5 times more at risk of running into malware online.
