The bMighty Blog -- Security

Symantec Report: Malware Makers Setting Sights Via Trusted Sites

Posted by Keith Ferrell Wednesday, Apr 9, 2008, 08:59 AM ET

Symantec's latest Internet threat report makes clear that the bad guys have shifted the focus of their approach from luring users to malicious sites to placing their malware on legit sites that users know and trust.

The trend, among many things pointed out in the security company's Internet Security Threat Report, vol XIII, indicates that the malware-makers are becoming even more aggressive -- and clever, in a bad sort of way -- about getting at you and your customers.

And a fair amount of the blame for the growth of the approach rests on the administrators of those trusted sites.

That is, the malware that makes cross-site scripting (XSS) attacks possible can't get onto legit sites unless a vulnerability exists there.

The vulnerabilities do exist of course -- Symantec reports over 11,000 such individual site vulnerabilities in just the last six months of last year.

But -- and it's a big one -- the failure of the site administrators to patch known vulnerabilities is as big (or, from a business competency perspective, bigger) a problem as the malware.

As Symantec points out about the site vulnerabilities, "only 473 (about 4 percent) of them had been patched by the administrator of the affected Web site..."

4 percent! That's worse than I would've guessed -- and probably worse than you would have, too.

And far more inexcusable.

The complete report can be downloaded here and includes some interesting data about just how little stolen ID info is selling for in the marketplace.

Check out bMighty ANTenna's take on the Symantec report here.


Business & E-Business | IT | Internet/Web | Networking & Communications | Operations | Security




This is a public forum. CMP Media and its affiliates are not responsible for and do not control what is posted herein. CMP Media makes no warranties or guarantees concerning any advice dispensed by its staff members or readers.

Community standards in this comment area do not permit hate language, excessive profanity, or other patently offensive language. Please be aware that all information posted to this comment area becomes the property of CMP Media LLC and may be edited and republished in print or electronic format as outlined in CMP Media's Terms of Service.

Important Note: This comment area is NOT intended for commercial messages or solicitations of business.


Spotlight on Solutions
(Sponsored By Cisco)


Explore the bMighty Blog
Most Recent Posts
bMighty Blog Topics
     
bMighty Bloggers
bMighty Blog Roll



Browse by Category
Imaging How-To Center

Document imaging basics, plus how to select a solution

go

FREE Technology Services Locator!

Search our database of 200,000 solution- provider locations by business activity, technology, vertical market, and customer size. Find a technology partner NOW.

go

Tech Term of the Day: cooked

TechEncyclopedia gives you the meaning of today's word, plus more than 20,000 additional IT terms and definitions.


techweb
Online Communities TechWebInformationWeekLight ReadingIntelligent EnterprisebMightyNetwork ComputingDark ReadingDigital LibraryWall Street & Technology
Byte & SwitchNo JitterInternet EvolutionLight Reading's Cable Digital NewsContentinopleUnStrungBank Systems & TechnologyAdvanced TradingInsurance & Technology
Face-to-Face Events
InteropWeb 2.0 ExpoWeb 2.0 SummitVoiceConBlack HatCSISoftwareEntrprise 2.0 ConferenceGTEC
 Mobile Business Expo
InformationWeek 500 ConferenceBuy Side Trading XchangeBuy Side Trading SummitBank Executive SummitInsurance Executive SummitTelcoTVEthernet ExpoOptical Expo
Magazines  
InformationWeekWall Street & TechnologyInsurance & TechnologyBank Systems & TechnologyAdvanced TradingMSDNTechNetSmart EnterpriseThe Architecture JournalDatabase Magazine
 
Research & Analyst Services  
Heavy ReadingInformationWeek ReportsInformationWeek Analytics