The war against computer malware is far from ending as Trojan writers find new ways to elude the security countermeasures deployed by corporations and end-users alike. The latest trend in Trojan distribution is web hosted malware and this has put the cyber criminals one step ahead of the security vendors.
Secure Computing principal research scientist Dimitri Alperovitch says that “We have seen a steady increase over the last year or so from malware being distributed typically through email now shifting to the Web factor.
Google confirms this by a recent study which showed as many as 10% of all Web sites are host to some type of malicious code.
The reason for this move is straightforward; most businesses and enterprises have focused mainly on messaging security and protecting email systems by scanning for malware and stopping executable code from entering enterprise networks through email. Web security has centered more on preventing users from accessing certain types of content.
Roger Thompson, a seasoned security researcher who is the CTO at Exploit Prevention Labs (www.explabs.com), agrees. Throughout his 20-year career in the security industry, Thompson has also witnessed backdoors and Trojans morph into an organized network of crime, costing global organizations billions of dollars annually. According to Computer Economics’ “2007 Malware Report,” the total cost of damages due to malicious code reached $14.2 billion in 2005.
Ryan Hicks, who heads up EarthLink’s (www.earthlink.net) spyware research team, concurs. “If you look over the years, what used to be the primary threat was replicable code—Trojans were a concern, but not a big one. Now if you look at it, the technology behind Trojans is at the top of everyone’s list.”
“Traditionally, the Web security has taken a backseat to other security considerations,” says Alperovitch. Recognizing this, criminals’ techniques have evolved, and what they have discovered is that they are able to obtain a much higher return on investment by distributing Trojan horses and backdoors via Web sites.
According to Thompson, “So much is built on the browser. When you open a browser, you’re creating an instant tunnel right through the firewall. Firewalls are really good at keeping out network worms, and email filters are good at keeping out email worms, but when you open a browser, you’re authorizing pretty much whatever wants to go on to come straight through the firewall.”
