October 21, 2008 5:02 PM PDT

Study: Malware risks are growing exponentially

by Elinor Mills

A new report from security services provider ScanSafe finds that companies are at increasing risk of having employees inadvertently download backdoors and password stealers onto corporate computers from Web sites that have malicious software hidden on them.

A company in ScanSafe's focus group faced a nearly 500 percent greater risk of exposure to those threats in September than was faced in January of this year, according to ScanSafe's Global Threat Report released on Tuesday.

Companies in the energy sector are at greater risk from Web-based malware than other industries, the report concludes. The energy sector, worldwide, faces a 189 percent higher risk of exposure from workers visiting sites with malware on them than other industries, followed by the pharmaceutical and chemicals industry, construction and engineering, and media and publishing.

"On a more positive note, government agencies were at 0 percent, which indicates they were at neither higher nor lower rates of exposure compared to other verticals," Mary Landesman, senior security researcher at ScanSafe, writes in a blog post.

The industry with the lowest rate of exposure was aviation and automotive. Landesman says she can't say exactly why one sector is more at risk than another but expects to release more findings soon that could help answer that question.

Overall, there was a flattening in the volume of threats in August and September, although ScanSafe is seeing a spike in October. Landesman says things could get ugly from a malware perspective throughout the rest of this year.

The holidays tend to be busy for socially engineered types of malware, Landesman said. Plus, "the economy is hurting people's finances and this could encourage criminals to up their efforts to gain more money through illicit means," she said.

Also on Tuesday, security firm MessageLabs released statistics on the numbers of phishing attacks related to the banking crisis.

MessageLabs intercepted 7,000 phishing attacks exploiting Bank of America on October 16 and 15,000 on October 17, reaching 125,000 total e-mails over that weekend. American Express was the focus of a phishing attack that started on October 20 and reached 35,000 e-mails for the day.

The Cutwail botnet, which controls more than 1 million active unsuspecting zombie computers on the Internet and is believed to be the largest botnet, is responsible for those phishing attempts, MessageLabs said.

Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service, and the Associated Press.
by inachu October 22, 2008 4:49 AM PDT
Those websites that are viewed at work are normally sports sites and non-English sites.
Many times it is not the websites themselves doing the infection but the advertisements that use the IFRAME and then the advertising agency farms out the banner ads to third party sites that do not care about if they are infected or not just as long as they get money.
by iConquered October 22, 2008 7:50 AM PDT
Really this could all be resolved with better filter software, that blocks popular sites. My old college library had a filter that blocked access to Youtube, Myspace and Facebook (popular sites for college and University students). The University I attend now, has no filter, but they also require you to log in with your student identification number, before you can browse the web. So any inappropriate browsing, can be linked directly to your identification number. That is another potential method. Ultimately, the idea is that employees should be using the business machines for business functions and not for idle occupation of time, between job duties. In the least, the employee should bring their own computer, if they intend to casually utilize work resources (the network).