Malware has risen by a staggering 278 percent in the first half of 2008, thanks in part to the large number of Web sites compromised last month, according to a new study by ScanSafe. The study also warns that the situation is only going to get worse, especially after Dan Kaminsky goes public with details about his 20-year-old DNS vulnerability.
The ScanSafe Global Threat report is a study of more than 60 billion Web requests that ScanSafe has scanned, as well as 600 million Web threats it has blocked from January through June 2008 on behalf of corporate customers worldwide.
The report found that Web-based malware increased 278 percent during this period. This was in part due to large Web sites such as Wal-Mart, Business Week, Ralph Lauren Home, and Race for Life being compromised in June by SQL injection attacks.
Less than a year ago, Web surfers were more at risk from social engineering scams and rogue third-party advertisers. Outright compromises of legitimate Web sites were relatively rare, and when they did happen, they were fairly obvious cases such as Web site defacements.
But now it seems that the target is the site visitor rather than the Web site itself. ScanSafe says that unlike defacement, the signs of compromise are not readily apparent as the attacks are deliberately crafted to avoid casual observation.
"Today, compromises of legitimate Web sites are occurring en masse, and in nearly all cases there are no readily visible signs of the attacks," the security expert warns.
A large number of these SQL injection attacks were detected back in March this year. Then in April, attacks on legitimate Web domains, including some belonging to the United Nations, expanded dramatically. In June, ScanSafe found that SQL injection attacks accounted for 76 percent of all compromised sites.
Indeed, in June Microsoft and Hewlett-Packard launched free tools to help Web developers and site administrators defend against the rapidly growing number of SQL injection attacks.
ScanSafe says the increasing numbers of these attacks on legitimate Web sites can be blamed on automated attack tools, which became freely available in the last months of 2007.
"The mass compromise of Web sites poses a particular challenge to corporate users," said Mary Landesman, senior security researcher, ScanSafe. "The impacted Web sites are typically known, legitimate, and trusted sites with a business purpose. These are sites that users visit frequently and the attacks are so stealthy and unobtrusive that most visitors don't know that they've been infected."
"SQL injection attacks, an exploit in which the attacker adds Structured Query Language (SQL) code to a Web form input box to gain access to resources or make changes to data, have rapidly become the most common form of Web site compromise, outpacing all other types of compromise by 212 percent."