News

Web Attacks on the Rise; E-mail Attacks Decline

According to a recent study from security and anti-virus specialist Sophos, servers in the U.S. and China host the lion's share of malware-infected Web sites. Meanwhile, Web attacks surged to an all-time high in the first quarter of this year, according to Sophos -- with no sign of dropping off any time soon.

It's a disturbing trend. For the first three months of 2008, in fact, Sophos identified about 15,000 freshly infected Web pages every day.

That's a staggering number. To put it in perspective, consider that last year the security researcher discovered and blocked an infected Web page about once every 14 seconds; this year, Sophos says, it's doing so about once every five seconds.

There's a further wrinkle here. Last year, for example, the People's Republic of China sat atop the malware list (it currently occupies the No. 2 slot) -- a discouraging state of affairs, to be sure, but one with an upside of a sort: Web surfers were more likely to exercise vigilance with Chinese Web sites than with sites in the U.S., Canada, the U.K. or the EU.

This time around, Sophos says, the U.S. is host to the largest number of malware-infected Web sites. Couple this with another trend -- namely, that almost 80 percent of "poisoned sites" are, in fact, legitimate Web sites that have been hacked to host malware -- and you have a greater-than-even chance that users could stumble unsuspectingly into a malware-infected trap.

"The U.S. has experienced unprecedented growth in this area, hosting almost half of all infected websites. The country has almost doubled its contribution to the chart compared to 2007, when it was responsible for hosting less than a quarter of compromised Web sites," the report reads. "China, which in 2007 was responsible for hosting more than half of the infected Web sites on the web, has returned to its 2005 standing, playing host to just a third of infected Web sites. A newcomer to this top 10 is Thailand, which in the first quarter of 2008 accounted for 1 percent of the infected Web sites found by Sophos."

If Web attacks are on the rise, the prevalence of malware-infected e-mail -- that old standby of malicious and mischievous hackers alike -- seems to be declining. According to Sophos' estimates, just .04 percent of all e-mail sent during Q1 was infected, compared with .11 percent during the first quarter of last year.

One reason for this decline is a tactical shift on the part of cybercriminals, according to Sophos. "Rather than incorporating malware into the e-mail in the form of an attachment, cybercriminals are using unsolicited e-mail to provide links to compromised Web sites," Sophos officials say. "Ironically, there is still a common belief that unsolicited e-mail, or spam, is a non-threat. With virtually all of it unwanted, and a large proportion linking to infected Web sites, organizations would be wise to address this problem before they become a victim."

The frequency of e-mail-infected malware might be declining, but the same can't be said for the prevalence of spam. According to Sophos, 92.3 percent of all Q1 e-mail traffic was spam. Web spamming is also on the rise. "Sophos finds a new spam-related Web page on average every 3 seconds -- [or] 23,300 each day. This calculation includes pages registered on 'freeweb' sites, such as Blogspot, Geocities, etc.," the Sophos report indicates.

Sophos and other experts link the rise in Web-mail spam to the circumvention of CAPTCHA (i.e., reverse-Turing-Test) techniques. CAPTCHA is an acronym -- first coined by computer scientists at Carnegie-Mellon University -- to describe a challenge/response test which allows a machine to determine that a user is human.

About the Author

Stephen Swoyer is a Nashville, TN-based freelance journalist who writes about technology.

Featured

  • World Map Image

    Microsoft Taps Nebius in $17B AI Infrastructure Deal To Alleviate Cloud Strain

    Microsoft has signed a five-year, $17.4 billion agreement with Amsterdam-based Nebius Group to expand its AI computing capabilities through third-party GPU infrastructure.

  • Microsoft Brings Copilot AI Into Viva Engage

    Microsoft 365 Copilot in Viva Engage is now generally available, extending Copilot's AI-powered assistant capabilities deeper into the Viva platform.

  • MIT Finds Only 1 in 20 AI Investments Translate into ROI

    Despite pouring billions into generative AI technologies, 95 percent of businesses have yet to see any measurable return on investment.

  • Report: Cost, Sustainability Drive DaaS Adoption Beyond Remote Work

    Gartner's 2025 Magic Quadrant for Desktop as a Service reveals that while secure remote access remains a key driver of DaaS adoption, a growing number of deployments now focus on broader efficiency goals.