Software // Enterprise Applications
01:20 PM

U.S. And U.K. Breeding Most Malicious Code

A new Finjan report also shows that embedding malicious code in ads on legitimate sites is a growing security threat.

A security company is warning users that many online threats may not be coming from the seedy underbelly of the Internet but rather from seemingly harmless and well-known sites.

Finjan, a Web security vendor, analyzed more than 10 million URLs for its quarterly Web Security Trends Report and found that most malicious code -- worms, Trojans, and viruses -- doesn't come from Russia, China, or any other country that is considered to have substandard cybercrime laws. Most malware comes straight out of the United States or the United Kingdom, according to Yuval Ben-Itzhak, chief technology officer of Finjan.

He also pointed out in an interview with InformationWeek that malicious code isn't just being embedded in porn or gambling sites. Much of it can be found hiding in advertisements on legitimate sites.

"Malicious code is everywhere," said Ben-Itzhak. "It's not just across the ocean or on casino sites. Even if you avoid sites where you know you should not go, you can still get infected. It really can come from anywhere."

As commercial interests continue to drive e-crime, malicious code is more likely to be hosted on local servers in the United States and the United Kingdom, the report said. That means relying solely on filters that scan for where the code came from isn't that useful anymore, Ben-Itzhak said. "Don't just inspect something coming from a porn site or from Russia," he said. "You've got to inspect everything. If code is going to delete something on my machine, block it, and not just when it's from Russia."

Ben-Itzhak also warned users about clicking on online advertisements -- even on legitimate sites. Advertising actually is the leading category for URLs containing malicious code, accounting for 80% of all instances. Many Web masters aren't aware of all the ads popping up on their sites, he added, explaining that many aren't embedding specific static ads on their sites but buy into ad services that push ads onto the site.

"That's a main problem," said Ben-Itzhak. "You don't have to be visiting blacklisted or suspicious sites to get into trouble."

Comment  | 
Print  | 
More Insights
Building A Mobile Business Mindset
Building A Mobile Business Mindset
Among 688 respondents, 46% have deployed mobile apps, with an additional 24% planning to in the next year. Soon all apps will look like mobile apps and it's past time for those with no plans to get cracking.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest, Dec. 9, 2014
Apps will make or break the tablet as a work device, but don't shortchange critical factors related to hardware, security, peripherals, and integration.
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on for the week of January 18, 2015.
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.