Managed email service provider MessageLabs has blocked three times as many potentially damaging web sites this month than it did in February, to protect businesses from increasingly common web-based malware threats.Latest market intelligence released today shows that in an average day in March some 2,797 new potentially malicious websites were blocked by the company. “It is a good measure of the rate of change” explained Paul Wood, senior analyst with MessageLabs Intelligence, “and in the last month there has been a three-fold increase.”He said that the sharp rise indicates that cyber criminals are varying their strategies. “It’s becoming more difficult to successfully carry malware into an organisation via email, so their focus has shifted to the web server, and SQL injection attacks and the like.”That said, the percentage of email-borne malware containing links to malicious sites reached its highest level since June 2008 this month, rising by 16.5%. “We have found that 20% of all the email-borne malware we detect contains links to one bad site or another,“ Wood said.Other information published by Symantec Corp in its March 2009 MessageLabs Intelligence Report, suggests that despite the change in tactics the goals of financial gain remain the same.Wood said there is plenty of evidence to support this line of thinking. “We are finding many cases where large GIF image files contain injected JavaScript code with executables that trigger ad pop-ups. There is always a chance that there may be some malevolent purpose behind them, that’s why we block them, but they could be being used to drive ad revenues.”These JavaScript or VBScript injection attacks exploit a flaw in older browsers that appends the injected script to the end of an image’s binary code, which can achieve monetary rewards through simulated online advertising.Spam, the other curse of unprotected email, appears to be on the rise also and in March 2009, the global ratio of spam in email traffic from new and previously unknown bad sources was 75.7%, according to MessageLab’s analysis. That makes one in 1.32 emails sent an unwanted spam email, an increase of 2.4% since February. In contrast, only one in 285 emails comprised some form of phishing attack, a decrease of 0.17% in the proportion of phishing attacks compared with February.
Content from our partners
