12 May 2008, David Benyon, Operational Risk & Regulation
LONDON – Web-based threats from malware - software that is designed to infiltrate or damage computer systems - are “growing exponentially”, with a 35% rise in April alone, according to monthly research by web security firm Scansafe. More than 500,000 high-profile sites such as the United Nations’ website have had their databases targeted by the latest wave of a so-called ‘SQL injection’. Meanwhile an ‘iframe injection’ is misdirecting search queries to malware downloads on a multitude of middle-tier sites that, although relatively small individually, together constitute the ‘long tail’ of the internet.
Searches made on infected sites using popular consumer security software such as McAfee SiteAdvisor failed to flag or block the sites. The research is based on billions of web requests Scansafe logs on behalf of business customers worldwide. The inability of consumer software to deflect such malware attacks is a growing threat both inside and outside the office – as more roaming employees compromise security accessing sensitive corporate material simultaneous to leisure sites.
“It is unlikely we have seen the last of either of these attacks. Given the improved targeting and growing number of compromises, web surfers will want to be increasingly cautious,” says Mary Landesman, a senior security researcher at Scansafe.