Sunday, October 25, 2009

Why Are Websites Being Targeted for Malware Attacks?

The simple answer is that malware attacks on websites are the best way for hackers to distribute viruses. In the past, viruses used to spread via email attachments, or by coaxing users to download and install a malicious file. These have all become less effective and/or too cumbersome for the hackers over time. The preferred
method of distributing viruses these days is by drive-by-downloads from legitimate websites. A drive-by-download occurs when a user visits a web page and malicious
code is automatically and silently downloaded and installed on the user's computer, without any interaction with the user required.

Once the virus is on the user's PC, the hackers have remote access to the computer and can steal sensitive information such as banking passwords, send out spam or install more malicious executables over time.



Figure 1 - Emails with Infected Attachments, 2005-2008 (Percent of total emails)

Figure 2 - Malware-infected web pages discovered daily, 2006-2008

From the data above [1][2], one can observe that emails with infected attachments have declined 94% since 2005, while malware-infected web pages have increased by 600%
since 2006. According to published reports, 77% of drive-by-downloads are occurring on legitimate websites [3]. From the hacker's point of view, it is easier to tap into a legitimate website's existing user base than try to lure users over
to a malicious website that they themselves have set up. Therefore, the hackers now target innocent, legitimate websites for virus distribution.

The impact on websites of this behavior is enormous. If undetected, the website will now infect any visitors with a virus. This can severely damage the website's reputation with its existing and potential customers, as well as create liability issues. Furthermore, search engines, browsers, and security companies are now blacklisting websites that are found to be serving malware drive-bydownloads. Google, Yahoo, Firefox, Internet Explorer, Norton, and McAfee all blacklist legitimate sites that have been infected with malware. The blacklisting has an immediate impact on the website's traffic and revenues, as well as heightens the damage to a website's brand and reputation.

Get Anti-Malware

No comments:

Post a Comment