Tuesday, January 26, 2010

Q4'09 web-based malware data and trends

Ed. Note: The data in this post is drawn primarily from Dasient's proprietary malware analysis platform, which gathers data on web-based malware attacks from across the web, and in the last year has been used to help tens of thousands of site owners address their web-based malware issues.

As we reported last quarter, the way malware is being distributed is undergoing a fundamental shift, with more attackers focusing on "drive-by downloads" from legitimate sites that have been compromised, or from sites designed specifically for malicious purposes. In nearly all the variations on this kind of attack, no user action is required for the infection to occur, beyond loading the site in a browser -- and there are very few signs that malicious code has been downloaded.

There is perhaps no better illustration of this shift than the way malware was employed in the recent attack on Google and several other companies. One of the components of the attack involved spear-phishing one or more Google employees, with an aim of driving them to a site that then exploited a zero-day vulnerability in Internet Explorer 6 to download malware to those employees' computers. In previous years, such an attack would have solely made use of a malicious email attachment to compromise the target's computer; now, attackers are clearly opting to employ multiple vectors, including web-based methods.

Looking at the data for Q4'09

Based on the telemetry data we've gathered from the web, we estimate that more than 560,000 sites and approximately 5.5 million pages were infected in Q4'09, compared with more than 640,000 sites and 5.8 million pages in Q3'09. By the end of the year, we had identified more than 100,000 web-based malware infections.

Also in Q4'09, the infections on newly compromised sites of 10 pages or more spread to an average of 24 percent of those sites' pages, up from 19 percent the previous quarter. This increase helps account for the smaller drop in the number of infected pages for the quarter, relative to the drop in infected sites. In other words, we saw a more significant drop in the number of infected sites than we did in the number of infected pages because each infection tended to spread to a larger number of pages on each site.

Finally, we saw a reinfection rate of 42 percent for the quarter (compared with 39 percent in Q3'09), meaning that more than four of every 10 sites infected in the quarter were reinfected within a space of three months. And, of course, with each infection the site is likely to suffer a loss of traffic, a decline in revenue, and damage to brand equity.

While we clearly saw a slight dip in some of the key metrics in the quarter (and, more specifically, as we neared the end of the year), the macro trend still points to a steady and significant increase in this kind of activity. To cite just one indicator: The number of infected pages for the quarter, 5.5 million, is a substantial increase from data published by Microsoft in April 2009, which pegged the number of infected pages per quarter at a little more than 3 million.

Attackers getting smarter

Like most other kinds of attackers, purveyors of web-based malware have long since adopted basic social engineering techniques to maximize their chances of remaining undetected as they infect endpoints. We saw plenty of evidence confirming that trend in Q4'09: For example, the most common domains being sourced in the download of a malicious file included innocuous-looking names like "google-query.com," "netlinkenterprises.com," and "starktourism.com." Similarly, the file names most often used in drive-by downloads included things like "setup.exe," "update.exe" (which was used in the Google attack), and "install_flash_player.exe."

But we also saw some evidence that attackers are responding directly to industry efforts to curb the spread of web-based malware. One interesting example can be found in the average number of extra processes started when a drive-by download is initiated. In previous years, a drive-by download would often initiate 10 or more extra processes, ostensibly in an attempt to maximize the return from each infected endpoint. In response, the search providers and anti-virus vendors who scan the web for infected sites began using the number of extra processes initiated as a signal that the webpage might be malicious. But in Q4'09, the average number of extra processes initiated was just 2.8 -- enough for a downloader and perhaps one or two pieces of malware. Clearly, attackers are getting smarter about the way they structure their attacks, opting for a smaller fingerprint on an infected machine in exchange for a greater likelihood of evading detection.
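The sketch below is an added example, not Dasient's code or any vendor's scanner. It shows why a raw count of extra processes stops working as a signal once a drive-by starts only two or three, and how checking what the browser itself launched still separates such a visit from a clean one. The threshold of 10, the snapshot format, the allowlist, and all paths and PIDs are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Proc:
    pid: int
    ppid: int
    image: str  # executable path as recorded by the (hypothetical) sandbox

BROWSER = r"c:\program files\internet explorer\iexplore.exe"
# Assumption: the only image the browser is expected to start in this sandbox.
EXPECTED_CHILDREN = {BROWSER}

def extra_processes(before, after):
    """Processes running after the page load that were not running before it."""
    known = {p.pid for p in before}
    return [p for p in after if p.pid not in known]

def count_signal(before, after, threshold=10):
    """Older heuristic: flag the page if it started 'threshold' or more processes."""
    return len(extra_processes(before, after)) >= threshold

def descends_from(proc, root_pid, by_pid):
    """True if proc was started, directly or indirectly, by root_pid."""
    seen, cur = set(), proc
    while cur is not None and cur.pid not in seen:
        if cur.ppid == root_pid:
            return True
        seen.add(cur.pid)
        cur = by_pid.get(cur.ppid)
    return False

def lineage_signal(before, after, browser_pid):
    """Flag every new process in the browser's tree that is not an expected image."""
    by_pid = {p.pid: p for p in after}
    return [p for p in extra_processes(before, after)
            if descends_from(p, browser_pid, by_pid)
            and p.image.lower() not in EXPECTED_CHILDREN]

# --- Constructed sandbox snapshots (not real telemetry) ---
BASELINE = [Proc(100, 4, r"c:\windows\explorer.exe"), Proc(200, 100, BROWSER)]

# Older style: a dropper plus ten further processes (11 extra in total).
NOISY = BASELINE + [Proc(300, 200, r"c:\temp\setup.exe")] + [
    Proc(301 + i, 300, rf"c:\temp\payload{i}.exe") for i in range(10)]

# Q4'09 style: a downloader and two payloads (3 extra, near the 2.8 average).
QUIET = BASELINE + [
    Proc(300, 200, r"c:\temp\update.exe"),
    Proc(301, 300, r"c:\temp\a.exe"),
    Proc(302, 300, r"c:\temp\b.exe")]

# Clean visit: a new browser window and an unrelated background task.
CLEAN = BASELINE + [
    Proc(210, 200, BROWSER),
    Proc(400, 100, r"c:\windows\system32\wuauclt.exe")]

if __name__ == "__main__":
    for name, snap in (("noisy", NOISY), ("quiet", QUIET), ("clean", CLEAN)):
        hits = lineage_signal(BASELINE, snap, browser_pid=200)
        print(name, "count>=10:", count_signal(BASELINE, snap),
              "unexpected browser descendants:", [p.image for p in hits])
```
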

Structural vulnerabilities still being exploited

It stands to reason that the increasing complexity in and interoperability between websites and web applications has played a significant role in the rise of web-based malware. After all, the more dynamic and sophisticated your pages or applications are, the more vulnerabilities there will be for attackers to exploit. The data for Q4'09 certainly bears that out: .php, .asp, and .aspx (all file types associated with dynamic web content) accounted for 55 percent of all compromised URLs in the quarter.



Of course, a closer look at the data reveals that file types associated with static pages, such as .html, .htm, and .shtml, accounted for 39.6 percent of the compromised URLs for the quarter. This suggests that attackers are still focused in no small part on exploiting structural vulnerabilities in the web to compromise legitimate sites -- vulnerabilities like sourced-in third-party content or applications; user-added content like comments, links, photos, and other files; and syndicated ad networks, among other things. There are no simple solutions for closing these kinds of vulnerabilities, something that all site owners who want to avoid being infected -- and potentially infecting their users and being blacklisted -- should bear in mind when considering the protections they employ.

Keeping your site safe

If you're a business owner and you'd like to learn more about how Dasient WAM can help protect your websites, head here. If you're a web hosting provider and you'd like to learn about partnership opportunities with Dasient, check out this page. And no matter who you are, please be sure to check out our Twitter feed at http://twitter.com/dasient for all the latest in web-based malware and general security news.
