Software // Enterprise Applications
01:20 PM
Connect Directly

U.S. And U.K. Breeding Most Malicious Code

A new Finjan report also shows that embedding malicious code in ads on legitimate sites is a growing security threat.

A security company is warning users that many online threats may not be coming from the seedy underbelly of the Internet but rather from seemingly harmless and well-known sites.

Finjan, a Web security vendor, analyzed more than 10 million URLs for its quarterly Web Security Trends Report and found that most malicious code -- worms, Trojans, and viruses -- doesn't come from Russia, China, or any other country that is considered to have substandard cybercrime laws. Most malware comes straight out of the United States or the United Kingdom, according to Yuval Ben-Itzhak, chief technology officer of Finjan.

He also pointed out in an interview with InformationWeek that malicious code isn't just being embedded in porn or gambling sites. Much of it can be found hiding in advertisements on legitimate sites.

"Malicious code is everywhere," said Ben-Itzhak. "It's not just across the ocean or on casino sites. Even if you avoid sites where you know you should not go, you can still get infected. It really can come from anywhere."

As commercial interests continue to drive e-crime, malicious code is more likely to be hosted on local servers in the United States and the United Kingdom, the report said. That means relying solely on filters that scan for where the code came from isn't that useful anymore, Ben-Itzhak said. "Don't just inspect something coming from a porn site or from Russia," he said. "You've got to inspect everything. If code is going to delete something on my machine, block it, and not just when it's from Russia."

Ben-Itzhak also warned users about clicking on online advertisements -- even on legitimate sites. Advertising actually is the leading category for URLs containing malicious code, accounting for 80% of all instances. Many Web masters aren't aware of all the ads popping up on their sites, he added, explaining that many aren't embedding specific static ads on their sites but buy into ad services that push ads onto the site.

"That's a main problem," said Ben-Itzhak. "You don't have to be visiting blacklisted or suspicious sites to get into trouble."

Comment  | 
Print  | 
More Insights
Building A Mobile Business Mindset
Building A Mobile Business Mindset
Among 688 respondents, 46% have deployed mobile apps, with an additional 24% planning to in the next year. Soon all apps will look like mobile apps and it's past time for those with no plans to get cracking.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest - July 22, 2014
Sophisticated attacks demand real-time risk management and continuous monitoring. Here's how federal agencies are meeting that challenge.
Flash Poll
Twitter Feed
InformationWeek Radio
Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.