About us
Contact us
RSS
Newsletters
Blogs
Follow us on Twitter
Management
Technology
- Applications
- Business Intelligence
- Development
- Hardware
- Mobile & Wireless
- Networking
- Internet
- Operating Systems
- Security Products
- Servers & Datacentre
- Storage
Toolbox
Training
Books
White Papers
Topic Pages
Webcast
Resource Centre
March 26, 2007
Eight out of 10 pieces of malicious code found in online advertising
Security based solely on URL categories 'no longer effective'
By ComputerworldUK reporter
Online advertising hosts 80% of all instances of malicious code, security experts have warned.
Advert
An analysis of more than 10m unique URLs, based on live web traffic recorded in the UK, by security firm Finjan found that hackers are increasingly targeting advertising.
Hackers have discovered that the complex structure of business relationships involved in online advertising make it relatively easy to inject malicious content into legitimate advertising delivery streams, Finjan’s latest Web Security Trends report said.
Malicious code was just as likely to be accessed through legitimate commercial websites as through disreputable sites, such as those with adult content or illegal downloads, Finjan warned.
The report also highlights a continuing evolution in the complexity of attacks, particularly the increasing use of randomisation techniques to conceal malicious code. More than 80% of the malicious code detected by Finjan was hidden in this way, making it virtually invisible to pattern-matching or signature-based anti-virus products.
Finjan chief technology officer Yuval Ben-Itzhak said: “The fact that malicious code is just as likely to be found in legitimate categories as in questionable categories means that security products that rely solely on URL categories to block access to malicious sites are no longer effective.”
The research also uncovered a new trend for hackers to bury malicious code on web pages served by automatic translation services, such as those offered by search engines.
Peter Christy, principal analyst at the Internet Research Group said: “In the past, attacks were dominated by worms and viruses designed to create a big and very visible disruption.
“Increasingly, modern attacks have criminal intent, and the attackers are becoming more proficient at obscuring the attacks and delivering them from otherwise reputable regions and website categories in order to circumvent many of the defences that have been effective against earlier attacks. These trends are a clear call-to-action for better detection and prevention methods.”
Follow highlights from ComputerworldUK on Twitter
Sign up for our Daily Newsletter
The UK IT News widget Get it for your site!
« prev article | more security news | next article »
Advert
Email this article to a friend or colleague:
PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.
- This article is now being printed.
What are your views on this subject? Use the form below to post a comment on this article up to 1000 characters.
Click below to add 'Eight out of 10 pieces of malicious code found in online advertising - Cybercrime & Hacking - ComputerworldUK' to your blog.
If you do not have a ComputerworldUK Account and would like to use this feature, please Register.
If you are a registered, logged-in user, this will post the title and first paragraph of this story to your blog to share with your readers.
Advert
Newsletters
Your daily injection of CW news and expert analysis: we’ll bring the news to you.
WHITE PAPERS
-
Social CRM comes of age
Who is this “social customer”? What strategies and tools does the new breed of CRM provide to do something about this? -
Unlock the Hidden IT Opportunities in Troubled Economic Times
Learn how with the right approach, processes, and technology, you can provide higher-quality services for a lower cost, while also helping your business to position itself for growth when the economy rebounds.
