View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Software
March 31, 2009

MessageLabs warns on web site malware

Web site caution, as malware attackers change tack

By CBR Staff Writer

Managed email service provider MessageLabs has blocked three times as many potentially damaging web sites this month than it did in February, to protect businesses from increasingly common web-based malware threats.Latest market intelligence released today shows that in an average day in March some 2,797 new potentially malicious websites were blocked by the company. “It is a good measure of the rate of change” explained Paul Wood, senior analyst with MessageLabs Intelligence, “and in the last month there has been a three-fold increase.”He said that the sharp rise indicates that cyber criminals are varying their strategies. “It’s becoming more difficult to successfully carry malware into an organisation via email, so their focus has shifted to the web server, and SQL injection attacks and the like.”That said, the percentage of email-borne malware containing links to malicious sites reached its highest level since June 2008 this month, rising by 16.5%. “We have found that 20% of all the email-borne malware we detect contains links to one bad site or another,“ Wood said.Other information published by Symantec Corp in its March 2009 MessageLabs Intelligence Report, suggests that despite the change in tactics the goals of financial gain remain the same.Wood said there is plenty of evidence to support this line of thinking. “We are finding many cases where large GIF image files contain injected JavaScript code with executables that trigger ad pop-ups. There is always a chance that there may be some malevolent purpose behind them, that’s why we block them, but they could be being used to drive ad revenues.”These JavaScript or VBScript injection attacks exploit a flaw in older browsers that appends the injected script to the end of an image’s binary code, which can achieve monetary rewards through simulated online advertising.Spam, the other curse of unprotected email, appears to be on the rise also and in March 2009, the global ratio of spam in email traffic from new and previously unknown bad sources was 75.7%, according to MessageLab’s analysis. That makes one in 1.32 emails sent an unwanted spam email, an increase of 2.4% since February. In contrast, only one in 285 emails comprised some form of phishing attack, a decrease of 0.17% in the proportion of phishing attacks compared with February.

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.