Web-Based Malware Doubles from 2009, Likely to Persist in 2011

There’s been a significant uptick in Web-based malware, with
infections nearly double those from this time last year, and predictions are that Web based attacks will get worse before
they get better.

There’s been a significant uptick in Web-based malware, with
infections nearly double those from this time last year, and predictions are that Web based attacks will get worse before
they get better.

In their Q3 Malware Update, security firm Dasient estimated there were
over 1.5 million malicious advertisements a day dished out to unsuspecting users. The
length of these campaigns spanned 11.1 days on average, suggesting attackers have
been fairly successful with this medium.

Internet threat protection company M86 reached similar conclusions in their 2011 predictions, (.PDF) warning of refined attacks around HTML5 and the surging
battlefield revolving mobile attacks. Though the HTML5 specification is still a work in progress, adoption is picking up speed, driven by firms like Google who see the update to the Web’s lingua franca as an open and standards-based alternative to proprietary technologies like Adobe Flash and Microsoft’s Air. But HTML5 brings new security concerns along with its new features

Both firms cautioned against the continued use of stolen digital
certificates to bypass security measures as well, citing the nefarious Stuxnet
worm which targeted industrial systems in July. Dasient also predicts a shift
to more fully-realized cyber warfare, with a focus on government web sites:

“While Stuxnet propagated via USB sticks, one can imagine
that an efficient way to infect critical, government-run infrastructure would
be to infect government web sites, which government employees access more often
than casual visitors,” the company said in its report.

Drive-by-downloads and scareware will
continue ravaging sites like Facebook and Twitter, the companies agreed. The firms referenced Koobface’s
recent proliferation across Facebook  and
September’s Twitter XSS attacks.

While websites are likely to ensnare the crux of attacks in
2011, attackers will continue to find new ways to propagate their malware,
ensuring some of these trends will carry on.

Suggested articles

Discussion

  • Anonymous on

    Time to sandbox web browsers and when the web session is finished, wipe the sandbox automatically with a fresh install of your favorite browser?

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.