ScanSafe is now part of Cisco

‘Malvertisement’ attacks pose increasing threat for Web surfers

In its quarterly Global Threat Report issued today, ScanSafe, the pioneer and leading provider of SaaS Web Security, reported that in the third quarter of 2009, 15% of all malware blocks were due to malicious image files, including those used in a string of ‘malvertisement’ attacks that affected popular websites like drudgereport.com and horoscope.com in the latter part of the quarter.

“The problem of malicious image files is exacerbated by the general number of sites that offer users the ability to upload images with limited controls in place to ensure that those images can’t be used for harm,” comments Mary Landesman, senior security researcher at ScanSafe.  “We are encountering more and more examples of ‘malvertisement’ and cyber criminals are using increasingly advanced techniques to infiltrate legitimate advertising networks which subsequently deliver this malware via mainstream, popular websites.” 

ScanSafe noted from its latest research that malicious image files containing iframes and PHP shellcode increased in 3Q09. At 7% of all Web malware blocks, exploitation of the comment field in image files outpaced encounters with PDF exploits targeting vulnerabilities in Adobe Reader and Acrobat; PDF files containing exploit code made up 3% of all malicious Web content. This is extremely significant given that PDF exploits were the most commonly encountered exploit via the Web in 2008.

“Users should be concerned about the increase in ‘malvertisement’ attacks as when infected, the malware has the ability to intercept and tamper with user searches, including the ability to redirect them to websites other than those they expected, which can lead to further malware infestation,” continues Landesman.

Worryingly, 29% of all Web malware in the third quarter of 2009 was zero-day malware blocked by ScanSafe Outbreak Intelligence™, meaning that it was missed by traditional signature-based methods. Alarmingly, the rate of zero-day threats peaked at over 90% at the end of August, the highest peak yet in 2009. This high incidence of zero-day malware was largely the result of an outbreak of compromises delivering backdoor trojans. ScanSafe revealed that four of the top ten Web threats in 3Q09 were data theft / keylogger trojans.
