Cyberattacks lay more 'stepping stones'

More intermediate domains are used to mask attack endpoints to extend longevity of malware families, new research from MessageLabs shows.
Written by Vivian Yeo, Contributor

The number of compromised legitimate Web sites, as well as new malicious domains, continues to grow as cybercriminals employ more intermediate steps to mask their actual attacks, according to a new report.

Released Wednesday, the MessageLabs Intelligence report for August noted that when victims download malware from a legitimate Web site that has been compromised, they may be "led through a complex system of invisible redirects" to the attack endpoint. New domains are introduced over time to act as "stepping-stones" between the initial sites and final destinations.

"For the bad guys, it can be a costly exercise to produce new families of malware in order to maintain their criminal activity at sufficient levels," the Symantec-owned company said in the report. "Registering new domains is much more economical for them, and by spreading the malware across as many different Web sites and domains as possible, the longevity of each new malware is increased."

Of the 3,510 malicious Web sites blocked daily in August, 36.1 percent were thwarted for the first time, said MessageLabs. The majority of the new sites blocked for the first time are legitimate domains that have been compromised, while around 16 percent are newly-registered.

During the same period, around 12 percent of malware blocked daily was new to the company's monitoring systems.

In addition, the host country of a new malicious Web site is now more likely to differ from what its registered top-level or country-code domain suggests, said MessageLabs. For example, 46 percent of .cn sites blocked were found to be truly located in China, but the country also hosted 33.3 percent of blocked .in domains and 18.2 percent of .ru sites with malicious content. Ukraine was found to host 23 percent of .cn sites.

Older legitimate Web sites that have been compromised are more likely to be hosted in a location that matches the top-level domain.

Asian markets lead in spam, virus infections
MessageLabs' latest report also shows that Hong Kong has regained its crown as the most spammed region globally. The Special Administrative Region recorded a spam rate of 93.4 percent, a slight drop from last month's 94.2 percent.

Denmark (92.6 percent) and China (92.5 percent) were ranked No. 2 and No. 3, respectively.

In August, one in every 296.6 e-mail messages contained a virus. China and Singapore took the lead--one in 196.9 messages was infected with malware. Switzerland, the United Kingdom and United Arab Emirates made up the top five.
