US overtakes China as country hosting most infected webpages

One new infected webpage found every five seconds

IT security and control firm Sophos has published its latest Security Threat Report, which looks at worldwide cybercrime during the first quarter of 2008. The findings show a dramatic increase in web-based threats compared to 2007: in the first three months of 2008, Sophos found and blocked a new infected webpage every five seconds, compared with one every 14 seconds last year.

The top ten countries hosting web-based malware in Q1 2008:

1 United States    42.0%
2 China    30.1%
3 Russia    10.3%
4 Germany    2.2%
5 Ukraine    1.7%
6 Turkey    1.6%
7 United Kingdom    1.1%
8 Thailand    1.0%
9 Czech Republic    0.9%
10 Canada    0.7%
Others 8.4%

Research into which countries host the most infected webpages shows some interesting changes since the 2007 Sophos Security Threat Report. The US in particular has experienced unprecedented growth, from hosting less than 25 percent of all infected pages overall in 2007, to almost half in the first three months of 2008.

China has demonstrated the biggest drop, from hosting more than half of all the infected pages seen by Sophos in 2007, to just under a third in the first quarter of 2008. Elsewhere in the chart, newcomer Thailand was responsible for hosting 1 percent of all malware infected webpages, while the UK hosted 1.1 percent, down from 3 percent in the same period last year.

"The US and China are no strangers to this chart, with the two countries long holding the top two spots in this hall of shame," notes Carole Theriault, senior security consultant at Sophos. "However, the bottom half of the chart remains fluid, indicating that users need to remain vigilant, and those hosting websites need to ensure that they have patched against vulnerabilities that might be lurking on their site to avoid becoming part of the problem."

Hacked sites pose greatest risk to IT security

From January to the end of March 2008, Sophos identified an average of more than 15,000 newly infected webpages each day. Most worrying for computer users is the fact that the majority of these poisoned pages, 79 percent, are found on legitimate websites that have been hacked. February saw the website of UK broadcaster ITV fall victim to a poisoned web advert campaign which targeted both Windows and Mac users, while in March a Euro 2008 football ticket website was hacked by cybercriminals in an attempt to infect unwary fans. In contrast, just one in every 2500 emails is now infected, compared to one in every 909 in 2007.

The top ten malware found on the web in Q1 2008:

1 Mal/Iframe    29.0%
2 Mal/ObfJS    27.0%
3 Mal/ZlobJS    6.7%
4 Mal/Psyme    2.6%
5= Troj/Decdec    2.2%
5= Troj/Fujif    2.2%
6 Troj/Unif    1.8%
7 Troj/Dload    1.1%
8= VBS/Haptime    1.0%
8= VBS/Edibara    1.0%
Others 25.4%

The top two web threats, Mal/Iframe and Mal/ObfJS, which are together responsible for more than half of all the online malware found by SophosLabs, are programmed by cybercriminals to infect websites by taking advantage of vulnerabilities. Sophos experts warn that companies can protect their network by investing in web security that scans a webpage for malware before granting access, while companies need to ensure that their web servers are protected against hack attacks.

"About 1 percent of web requests now deliver an infected page, most of which are legitimate websites belonging to people just trying to earn a living," says Theriault. "Already in 2008 we've been reminded that it's not just the small, independent sites that are being hacked. With compromised websites of household names now serving up malware, it's more important than ever for users to ensure that they're using a fully protected machine, and for businesses to protect their web servers from the risk of attack."

Data leaks continue to cause embarrassment

Data leakage continues to be a major concern for organizations, with several high-profile cases of businesses losing sensitive customer information reported during the first three months of 2008. In March, the largest reported data breach this year involved the credit card numbers of more than four million customers being stolen from US supermarket chain Hannaford Bros. The credit card details, taken by cybercriminals using malware installed on servers at the chain's branches, have already been used in approximately 1800 fraud cases.

These incidents cause embarrassment to businesses and government agencies and are a concern for all consumers. Sophos experts warn that cybercriminals are now more experienced and better resourced in the delivery of sophisticated attacks, heightening the risks of data leakage and reinforcing the need for businesses to put in place up-to-date and extensive security policies, as well as educating users on appropriate and acceptable computing behavior.

As well as ensuring payment card industry (PCI) guideline compliance, Sophos reminds businesses to consider employing further measures to make their computer systems as secure and unattractive a target for hackers as possible. "Several PCI compliant companies, including Hannafords, have fallen foul of enterprising cybercriminals in recent months," adds Theriault. "With more comprehensive solutions in place, businesses can make their data unappetizing to greedy hackers who are only after a free lunch."

About Sophos

Sophos enables enterprises all over the world to secure and control their IT infrastructure. Sophos's network access control, endpoint, web and email solutions simplify security to provide integrated defenses against malware, spyware, intrusions, unwanted applications, spam, policy abuse, data leakage and compliance drift. With over 20 years of experience, Sophos protects over 100 million users in nearly 150 countries with its reliably engineered security solutions and services. Recognized for its high level of customer satisfaction and powerful yet easy-to-use solutions, Sophos has received many industry awards, as well as positive reviews and certifications.

Sophos is headquartered in Boston, US and Oxford, UK.
