October 8, 2007 4:00 AM PDT

Perspective: Greetings...you're infected

The Storm Worm ranks as one of this year's most virulent and persistent viruses. After making a January debut, transported by e-mail, the virus was notable for the more than 50,000 variants that it subsequently spawned.

The Storm Worm has since continued unabated, most recently in the form of Web-based attacks. E-mails, socially engineered to look like electronic greeting cards and linked to a Web site containing malware, completely avoided traditional e-mail antivirus gateways. The Storm Worm's course change to the Web reflects a growing trend of malware Web-based attacks launched through e-mail.

The simple logic behind these e-mail-based blended threats is astoundingly effective: no attachment means no antivirus block. And when combined with a user-friendly invitation, it creates the opportunity for a high infection rate.

Blended threats easily lead people to Web sites where malware gets downloaded--often without user interaction or knowledge. The industry is just now realizing the severity of the problem.

Researchers at Google recently published a paper (PDF) concluding that approximately 10 percent of the URLs they reviewed contained "drive-by downloads" of malware binaries, and that many more were flagged as suspicious.

Our research at Avinti examined URLs being "advertised" through e-mail by spammers, and we found similar results: 40 percent of all e-mails contain at least one URL, and of those, approximately 7 percent linked to a malware site.

Malware once lurked in the dark corners of the Internet, but recent hacks have shifted it to the places we all frequent. For evidence, look no further than this year's hacking of the Web site for Dolphin Stadium, home to the Super Bowl. Or the Sydney Opera House. Even popular social-networking sites like MySpace and Facebook have been platforms for exploits. Yes, the sites we frequent daily and trust may be the biggest threats we face in the future, and we may be lured there by an innocuous e-mail link to view a greeting, blog or video.

The new Web (2.0) is a fertile breeding ground for malware. Links, blog postings, shared applications and syndicated traffic are all backdoor opportunities for unknown exploits to invade legitimate sites.

At the same time, traditional tools such as Web filters, originally built for blocking objectionable content, struggle to catch these attacks, just as antivirus products struggle to keep up with ever-changing e-mail-borne attacks. Spammers and hackers have automated the process so that these sites can be up and running and then down in a matter of hours, long enough to carry out their attacks. Like the Storm Worm variants, these sites may be up, active and out of business before a bad URL or IP address is ever logged.

Given the frequency of hackers hijacking a legitimate Web site to insert malware, such as an attack spoofing the Better Business Bureau, blocking a domain or subdomain is becoming more problematic. What about linked pages? Are they blocked by association, or only if they themselves serve up the malicious link? What if a single IP address hosts both malware and legitimate sites? Without proper control, we may end up either blocking too much or jeopardizing our trust in valid Web sites.
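The blocking questions above (block the exact host, the whole parent domain, or the shared IP address?) can be made concrete with a small gateway-side triage script. This is an added example, not code from Avinti or CNET: the e-mail bodies, hostnames, blocklist and host-to-IP map are all constructed placeholders, and the registrable-domain helper is a toy approximation of what a real filter would do with the Public Suffix List.

```python
"""Toy mail-gateway URL triage.

Extracts links from message bodies (the attachment-free lure the column
describes) and evaluates them against a blocklist under three matching
policies, to show where each policy over- or under-blocks.
All data below is constructed; nothing is resolved over the network.
"""
import re
from urllib.parse import urlparse

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

# Constructed inbox: plain-text bodies as an e-mail gateway would see them.
SAMPLE_MAILS = [
    "You have received a greeting card! View it at "
    "http://cards.example-lure.test/view?id=42",
    "Quarterly report attached, see summary below.",
    "Funny video: http://videos.shared-host.test/watch/7",
    "Invoice ready: https://billing.good-corp.test/inv/991",
    "Meeting moved to 3pm.",
]

# Constructed blocklist of hosts known to serve malware (hypothetical names).
BLOCKED_HOSTS = {"cards.example-lure.test", "evil.shared-host.test"}

# Constructed host -> IP map standing in for DNS. Two unrelated hosts
# (one malicious, one benign) deliberately share 192.0.2.20.
HOST_TO_IP = {
    "cards.example-lure.test": "192.0.2.10",
    "videos.shared-host.test": "192.0.2.20",
    "evil.shared-host.test": "192.0.2.20",
    "billing.good-corp.test": "192.0.2.30",
}


def extract_urls(body):
    """Return every http(s) URL found in a message body."""
    return URL_RE.findall(body)


def registrable_domain(host):
    """Toy approximation: the last two labels of the hostname."""
    parts = host.lower().split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def is_blocked(url, policy):
    """Decide whether a URL is blocked under the given matching policy."""
    host = (urlparse(url).hostname or "").lower()
    if policy == "host":        # exact hostname only
        return host in BLOCKED_HOSTS
    if policy == "domain":      # whole parent domain, blocks siblings by association
        return registrable_domain(host) in {registrable_domain(h) for h in BLOCKED_HOSTS}
    if policy == "ip":          # shared IP, blocks every site on the same address
        blocked_ips = {HOST_TO_IP[h] for h in BLOCKED_HOSTS if h in HOST_TO_IP}
        return HOST_TO_IP.get(host) in blocked_ips
    raise ValueError(f"unknown policy: {policy}")


def triage(mails, policy):
    """Count mails carrying URLs, URLs seen, and URLs the policy would block."""
    with_urls = seen = blocked = 0
    for body in mails:
        urls = extract_urls(body)
        if urls:
            with_urls += 1
        for url in urls:
            seen += 1
            if is_blocked(url, policy):
                blocked += 1
    return with_urls, seen, blocked


if __name__ == "__main__":
    for policy in ("host", "domain", "ip"):
        with_urls, seen, blocked = triage(SAMPLE_MAILS, policy)
        print(f"{policy:6s} mails-with-urls={with_urls}/{len(SAMPLE_MAILS)} "
              f"urls={seen} blocked={blocked}")
```

Run as-is and the "host" policy blocks only the greeting-card lure, while "domain" and "ip" also block the benign video link because it shares a parent domain or an address with a blocked host. That collateral block is the over-blocking risk the column raises; a deployment that keys on anything coarser than the exact host needs a way to whitelist the neighbours it drags in.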

Fortunately, there is some light now that we have recognized the problem. Organizations like Stopbadware.org and Google are beginning to address ways to share information on malware sites. Greater vigilance by social sites and IT directors in patching and maintaining their Web sites is going to become more critical than ever.

In addition, there is a greater realization among vendors that since hackers and spammers don't look at e-mail, IM, or the Web independently, they can't afford to either. What we need now are proactive solutions that are as dynamic as the attacks they are trying to prevent; that can detect both known and unknown threats, whether on the Web, e-mail, or IM. Until then, beware the next time you get an e-mail greeting card.

Biography
William Kilmer is CEO of Avinti, a developer of IT security technology. He is also the author of the book, Getting Your Business Wired, a guide to networking technologies published by AMACOM books.

3 comments
Like I said dozens of times before....
by chash360 October 8, 2007 9:50 AM PDT
If certain monopolistic software companies had not violated the original HTML specs, created their own variants, and mass distributed E-Mail clients that automatically execute attached code by default. If they had not strayed from the guidelines and security protocols originally put in place by the DOD. If they were not so keen to have their own back doors into the system through the use of known unchecked buffer boundary errors in system processes (the method by which most malicious code is executed). If they had not done all of these things then the only trouble we would really have to look out for is boot sector virii, which is easy enough to scan for, and protect against.

This article is more AD-Journalism, they are not really going to fix anything...there is too much money to be made selling treatments, not cures!
Sites that are active in stopping spam
by mbrusl October 8, 2007 12:52 PM PDT
If you could proactively stop spam, would you? I've seen more and more sites that are actually advertising bad domains that are known to be a spammers' haven. One such site is Spacequad Anti-Spam Services over at www.spacequad.com and they have mountains of information on spammers, along with discussion forums. Have a look and see for yourself if they can help you figure out if it's spam or where it comes from.
Conflict of Interest by author....Shame on C|Net
by fred dunn October 8, 2007 3:09 PM PDT
Avinti sells the very product that this author is deeming the Internet's doom.
I can appreciate blended threats and while I agree with most of the article I do think that it is a flagrant conflict of interest and borders on being more of an advertisement. You can bet that Avinti will have reprints of this article and links to it from its own website:
http://www.avinti.com