A security company is warning users that many online threats may not be coming from the seedy underbelly of the Internet but rather from seemingly harmless and well-known sites.
Finjan, a Web security vendor, analyzed more than 10 million URLs for its quarterly Web Security Trends Report and found that most malicious code -- worms, Trojans, and viruses -- doesn't come from Russia, China, or any other country that is considered to have substandard cybercrime laws. Most malware comes straight out of the United States or the United Kingdom, according to Yuval Ben-Itzhak, chief technology officer of Finjan.
He also pointed out in an interview with InformationWeek that malicious code isn't just being embedded in porn or gambling sites. Much of it can be found hiding in advertisements on legitimate sites.
"Malicious code is everywhere," said Ben-Itzhak. "It's not just across the ocean or on casino sites. Even if you avoid sites where you know you should not go, you can still get infected. It really can come from anywhere."
As commercial interests continue to drive e-crime, malicious code is more likely to be hosted on local servers in the United States and the United Kingdom, the report said. That means relying solely on filters that check where the code came from isn't that useful anymore, Ben-Itzhak said. "Don't just inspect something coming from a porn site or from Russia," he said. "You've got to inspect everything. If code is going to delete something on my machine, block it, and not just when it's from Russia."
Ben-Itzhak also warned users about clicking on online advertisements -- even on legitimate sites. Advertising actually is the leading category for URLs containing malicious code, accounting for 80% of all instances. Many Webmasters aren't aware of all the ads popping up on their sites, he added, explaining that many don't embed specific static ads on their sites but instead buy into ad services that push ads onto the site.
"That's a main problem," said Ben-Itzhak. "You don't have to be visiting blacklisted or suspicious sites to get into trouble."