Sophos blames clueless site owners for malware attacks
Infected websites are now the most common source of malware attacks, and the fault lies with oblivious site owners, Sophos has warned.
“The biggest threat is the web. Email attachments have plummeted as a threat,” says Graham Cluley, senior technology consultant at Sophos.
Every day 6,000 new websites are infected with malware, 83% of which are legitimate pages infected by hackers, according to the firm’s Security Threat Report for 2008.
“It’s the fault of the people who own the websites. They haven’t secured their site. The problem is that the owners might not be technical,” claims Cluley.
“What’s needed is a solution that is proactive not reactive,” explains Cluley, suggesting that web traffic needs to be scanned in the same way as email traffic.
Macs under threat
Another trend that Sophos predicts for the next 12 months is an increase in malware targeted at Macs.
Until now Macs have been largely immune from malware and viruses, but Sophos is currently monitoring a group called the Zlob Gang which has already written code that threatens both Windows and Mac OS.
“They have a piece of malware that serves up the appropriate piece of malware for your OS,” says Cluley, explaining that if the group is financially successful then efforts in the area will increase.
“We need Mac users to be smarter to prevent this happening.”
Sophos also suggests that the rise of mainstream portable devices that feature Wi-Fi could bring about a new wave of malware infections. Owners of these devices are likely to be “less security savvy”, says Cluley, and therefore more vulnerable to social engineering.
Devices like the OLPC could also bring new threats, suggests the report, bringing thousands of new users to the internet who will become potential victims, or even criminals.
“Someone in Africa who earns a pittance is only one click away from someone who earns 20 times as much as them,” says Cluley.