February 5, 2010

Malware Becoming A Bigger Issue

According to a Websense report released Thursday, cyber crooks are rigging the Internet with booby-trapped blog commentary, chat rooms, email messages and websites.

Online threat analysis showed that 81 percent of e-mail during the second half of 2009 was rigged to deliver "malicious" code and 95 percent of comments posted to blog or chat forums were spam or links to nasty payloads.

Search Engine Optimization (SEO) attacks were a favored tactic, piggybacking on hot topics like celebrity deaths or major disasters to lure people to websites designed to infect computers.

"It is pretty scary," said Websense security research manager Stephan Chenette. "Attackers have been moving in the same direction as Bing and Google with real-time search results."

Rival Internet search engines have improved result pages to feature fresh content like Twitter posts in real time.

Chenette said hackers use armies of infected computers - referred to as "botnets" - to host a plethora of bogus websites and swiftly lift links high into Internet search results based on hot topics at any given moment.

"They use botnets nowadays to give them control over search engine rankings," Chenette said of hackers. "They are jumping on the bandwagon of any big event; at a drop of a dime they can instruct botnets to run websites and raise those links high in searches."

Websense discovered that 13.7 percent of websites rigged with "malware" were included in the top 100 results for searches conducted using words from Yahoo! Buzz, or Google Trend hot topics tracking services.

"Attackers are following every real-time event that is happening and changing, minute-by-minute, their rankings in Google search," Chenette said. "Attackers are as real time as any real-time search engine."

To gather its data, Websense used a Threat Seeker Network, which scans over 40 million Web sites for malicious code every hour.

A popular scam is a "scareware" program that frightens people into paying to fix computer problems that don't exist.

Computer viruses also install code that allows hackers to commandeer machines, adding them to botnets.

Websense said the number of malicious websites doubled from the second half of 2008 to the same six-month period in 2009.

Hackers are also increasingly planting viruses on websites that people have grown to trust.

About 71 percent of the sites that Websense found to contain malware were legitimate sites that had been compromised without the operators knowing about it.

"It's almost as if you can't trust the sites you know," Chenette said.

Hackers are also combining tactics.

Recent cyberattacks on about 30 firms, such as Google, combined trick emails and malicious software to invade company systems.

