Sophos: One Web page infected every five seconds
In its Security Threat Report, released Wednesday, Sophos said that an average of over 15,000 Web pages were compromised daily between January and March.
In contrast, the daily average for all of 2007 was about 6,000, or one infected Web page every 14 seconds.
About 79 percent of compromised Web pages tracked this year belong to legitimate Web sites, Sophos reported. The company noted that the Web sites of Fortune 500 companies, government agencies and even security vendors have fallen prey to malware attacks.
In addition, there has been a rise in spam-related Web pages--a daily average of 23,300 such pages were tracked during the first three months of 2008. This is equivalent to one spam Web page being discovered every three seconds.
Threats circulated via e-mail, on the other hand, appeared to have cooled off during the first quarter of this year.
According to Sophos, only one in 2,500 e-mail messages contained malware--40 percent fewer than in 2007, when one in 909 e-mail messages was infected.
Slightly over 92 percent of all e-mail monitored by Sophos between January and March this year was spam. The security vendor analyzes millions of new messages on a daily basis.
The United States remains the top contributor of spam, followed by Russia, Turkey, China including Hong Kong, and Brazil.
Talkback Most Recent of 30 Talkback(s)
But, the web runs on *nix
and *nix is unhackable...
No_Ax_to_Grind23rd Apr 2008 -
So...
All those IIS servers suddenly vanished in a puff of smoke? Are you saying that Microsoft is done/over/defunct/deceased/as dead as the proverbial Norwegian Blue parrot?
zkiwi28th Apr 2008 -
olePigeon28th Apr 2008 -
GTWilson8th May 2008 -
Re: But, the web runs on *nix
Unix/Linux is hacked just as often as Windows if not more so, you just hear about Windows hacks because the media pushes fear for ratings.
If the majority of computer users ran Unix boxes, you'd be here saying Windows is unhackable.
5iN29th Apr 2008 -
Web apps and poor coding
Many of the attacks are through holes in the web applications themselves and/or sloppy coding. These will occur regardless of the web server OS, nix or IIS. There are other infections that are through flaws in the server OS.
mystic10029th Apr 2008 -
RE: Sophos: One Web page infected every five seconds
I think Sophos has a great headline grabber - the key question is what defines 'infected'? Are we talking about something like true XSS (cross site script attacks) or just spam-bots posting malware and spam URLs as comments on blogs? If it's the latter then I think Sophos PR department must be having a slow month.
pixolut23rd Apr 2008 -
Practical steps?
So, what practical steps should site holders take to prevent infection? Can anyone point to a ZDNet article about such, or could one of ZDNet's bloggers write one?
zbeauvais24th Apr 2008 -
Practical steps to protecting your web server
You can find practical steps highlighted in these technical papers written by SophosLabs (free): www.sophos.com/security/technical-papers/
The actual full report - Sophos Security Threat Report, Q1 2008 - discussed in the news story is available from sophos.com. Hope this helps!
Carole Theriault29th Apr 2008 -
RE: Sophos: One Web page infected every five seconds
It seems like a good time to reconsider charging something like a tenth of a cent per email, which if you send 100 per day or 3000 per month is $30; or, 10 a day is $3.00 per month for most of us. Spammers would be priced out of business sending hundreds of thousands per day.
Terry
ThePCmann24th Apr 2008 -
I agree with email charges, but...
I agree that a $.001 fee per email is a small price to pay -- frankly, I'd gladly pay a penny each -- but there are practical applications.
First, who gets the money? The ISP? The backbone companies? Some Net bureaucracy?
Second, how will you stop spammers from using your email and having innocent people get charged thousands of dollars for the latest snake-oil pitch? If they can easily spoof my business's domain e-mail address, can't they just as easily spoof the billing programs??
KaplanMike28th Apr 2008 -
Moreover, what about LEGIT mass mailers - like Liberal Causes?
OTOH, you can GLADLY charge right-wing mass mailings - oh, make it a dime each, so the Fascist Thugs go broke THAT much sooner! >:)
Politics aside, have you forgotten that every day ZD/Net sends out mass mailings to all of us listing today's stories? Want to charge THEM a tariff - and who pays? You?
drprodny28th Apr 2008 -
Politics
There is no reason to assert your political view into this. Spamming and email have nothing to do with your political affiliations.
Perhaps posters should be charged $.001 for every meaningless, off-topic post so they will go broke THAT much sooner.
Back on topic:
It is obvious that people aren't as stupid with email as they used to be, so spammers are moving on to attacking through browsers. And it seems a lot of people browse without thinking. Myspace alone is a risk, and we all know how many people use that atrocity.
jmadlena@...28th Apr 2008 -
It seems like a good time to reconsider charging something like a tenth...
I couldn't help but instantly wonder what elected position you hold? The simple 'power of ten' math adds validity to that thought. No offense. I have never felt that spam was ever more than a political football whose intent is to financially exploit net users. If you are getting spam change ISPs. You start foolishly throwing money at this simple problem and there will be no end. I can't think of a single reason for private users to pay for commercial use.
PCSense28th Apr 2008 -
RE: Sophos: One Web page infected every five seconds
Link to the methodology of the original study rather than the press release. I don't believe it unless you show the classes, types of malware deployed, and injection mechanism. Postbots don't count.
shoktai@...24th Apr 2008




