Thursday, June 12, 2008

Hackers targetting legitimate websites to compromise user security


In the past it was through websites that were riddled with malwares an attacker compromised the Internet user security. Those websites were specifically created for this purpose. By exercising proper caution or by not visiting suspicious or unfamiliar sites an user was able to avoid such malwares.

Now, the focus has shifted. There is a new trend among the hackers/attackers. And it is compromising the security loop holes of legitimate websites.

Today the greatest risk to the user comes from the exposure to such malicious code from legitimate websites. The risk of getting exposed to these codes is huge since it is natural to unsuspectingly visit a legit and reputed website. And that is exactly what has made the hacker shift focus to these kind of websites.

The figures are scary. Scansafe reported that the increase in compromise of legitimate websites is a scary 407 percent and that 68 percent of the all the web based malwares the Scansafe security software blocked came from legitimate websites.

Talking about malicious websites, the Chinese territory of Hong Kong and the People's Republic of China are home to the largest fraction of malicious Web sites, according to a report published by McAfee antivirus company.Reports reveal that the top-level domains with the largest proportion of malicious sites belonged to Hong Kong (. Hk) and China (. Cn) with the Philippines (. Ph) and Romania ( . ro). The company surveyed nearly 10 million heavily-trafficked. A detailed study found out that 19.2 percent of all Web sites ending in the .hk posed a danger to visitors.

But those are websites which can be avoided by a user who excercises caution. The problem is that when it comes to legitimate websites it is difficult to suspect. Since the attacks are not directly carried out by these websites but by the attacker exploiting the security vulnerabilities and compromising the site, even the site owner might be unaware of these. Because of this it might take some time before the security vulnerabilties are fixed.

Some of the legitimate websites that have been reported to have been compromised are Nature.com, Foofighterslive.com, Thecareercompany.co.uk, Acer.co.th, Webster.edu and Photopass.com.

Let us have a look at how these websites are compromised:

1.Use of malicious scripts and iframes designed to silently deliver password stealers and backdoors to visitors' computers.

2.The fastest growing category of threats is backdoor and password-stealing malware. According to the ScanSafe report this increased 855 percent from May 2007 to May 2008, putting sensitive corporate data at serious risk of theft.

3. Use of Web-based malware-viruses, Trojans, password stealers and other malicious code.

4.SQL injection attacks that began in late October 2007 affecting hundreds of thousands of websites.

5. Through the use of stolen credentials FTP.

6.By inserting iframe redirection code or compromise a site to host malicious software.

7. A number of attacks on vulnerabilities in Web-site databases and administration tools has allowed attackers to litter legitimate sites with malicious code .

8.Random JS infection toolkit: It was reported by the security firm Finjan that hackers had bypassed security on at least 10000 legitimate domains to install the this toolkit.

Measures taken by Web browser developers to combact this:

Both Microsoft and Mozilla have through their browsers viz:- Firefox 3 and Internet Explorer 8 will block sites that attempt to infect visitors' computers with malicious code. Opera's new browser Opera 9.5 also has the anti-malware features.

These features will prevent users from downloading programs from Web pages that purposefully or inadvertently attempt to visitors infected with malicious code.

Using these web browsers along with good anti-malwares (updated regularly) and constantly patching up OS security vulnerabilities can help the user in restricting these kind of attacks to a great degree. But there will always be some room for these attackers as they keep on shifting their focus to unexplored terrirtories. So it is always a catch up game. This means that apart from the proper usage of anti-malware softwares and patch ups, the user should constantly keep in touch with the latest threats and security vulnerabilties.


References:
Securityfocus
ScanSafe

Google