Short lived & Stealthy – The new web threat

Stealthy, short lived, fast moving and dangerous!

The new security threatAccording to AVG, the creators of the well known and regarded security products, the way web-bourne threats are developing is changing. The traditional form of attack by virus, which are designed to stay on a host’s system for as long as possible, is giving way to a new form of infection, the infective website. The new form of attack is designed to be stealthy, short lived and fast moving.

There are two ways websites can be used as tools for the culprits, the first being to use existing, legitimate websites to infect other sites and site visitors. An example of this is malicious advertising, where criminals would create a malicious advert (malvert) and post it to an advertising network site. This site would then share the malvert with all other systems within the network.

Anyone even just being exposed to the malvert risks being infected with whatever nasty the criminals have coded into it. You wouldn’t need to click on it to risk infection. This form of attack is known as a ‘drive-by download’, and has some serious consequences. The other method being witnessed is where criminals are creating bogus sites, specifically for the purpose of spreading infections. They are also short lived, and the creators will keep them online for a short time, delete the sites, and then create another new one.

Personal data, such as passwords and online banking details, can be stolen from PC’s unfortunate enough to have been exposed to the attack. This type of infection is made even worse by the fact that the infection will only stay present on the host site for a short time, and  it’s almost impossible to predict where it will occur again. As infected sites are being identified and shut down, more are springing up. AVG Technologies’ Chief Research Officer Roger Thompson highlighted three main factors that make it an uphill struggle for security companies to track and detect these types of threats:
 

“Firstly, it takes a long time to detect and close down threats distributed randomly across thousands of different pages on a large social networking site. Secondly, the threat is usually short-lived: a malicious program delivered through a popular site doesn’t need to run for long to attract a large number of victims. And thirdly, the Internet is so large that scanning every web page for a threat that may only be present for a few hours or days is simply not feasible.”
 

As mentioned, social networking sites, such as Facebook and MySpace can magnify the potential of the threat. By their nature, the information within these sites is rapidly changing and evolving, so it makes for a ideal target for those with dishonest intent. Research by AVG has shown that the number of new infected web sites has grown by 66%, from 100,000 to 200,000 per day to 200,000 to 300,000 per day. Worryingly, they expect the trend to continue. 

You can view the AVG press release here. AVG are also featuring a video within their website, with their security expert, Larry Bridwell, giving a history of  malicious threats and predictions for future security threat trends. Are you worried about internet security? Do you feel safe when browsing? Share your thoughts in our forums.