Not All Malware Detection Is Created Equal


Click here to download now

Source: Sophos
Date: November 2009
Type: White Paper
Rating: (0)

Overview: The internet is now the number-one conduit for infecting users with malware. SophosLabs reports that in 2009, 23,500 new infected web pages are discovered every day. That’s one every four seconds or so, four times worse than what it was in the same period in 2008 [1]. Malware authors are very successful with a popular method: compromising popular, high-traffic, legitimate sites in order to kick-start the infection process. Users visiting a hijacked site have no way of knowing the site has been compromised because the malicious code is invisible but executed as soon as the page loads in the user’s browser. The code typically will utilize cross-site scripting to fetch an even more malicious payload from a third-party site that will then attempt to leverage one of dozens of known exploits in the browser or operating system to infect it, steal data or subvert it into a botnet. The scope of these attacks cannot be underestimated, since all types of sites—from government websites to educational establishments to popular news portals, blogs and social networking sites—have been targeted. As security vendors add detection for this kind of malicious web code, the attackers constantly evolve it in order to evade being caught. As this game of cat and mouse intensifies, the attackers have turned to using JavaScript for delivering their attacks.

Not what you're looking for? Search again
Go Advanced »
More From the Vulnerabilities and Threats Section

View All Categories

Business Intelligence : Analytics, Business Process Management, Content management, Dashboards, Data Mining, Data Quality, Databases, Datamarts/Data Warehouses, Information Management, Knowledge Management, Performance Management

Development : Architecture & Design, C/C++, Database, Development Tools, Embedded Systems, High Performance Computing, Java, Mobility, Security, Web Development, Windows/.NET, Open Source

Government : Cloud/SaaS, Enterprise Applications, Enterprise Architecture, Federal, Information Management, Leadership, Mobile & Wireless, Policy & Regulation, Security, State & Local

Hardware : Blades, Data centers, Desktops/PCs, Grid/Cluster Computing, Handhelds/PDAs, Macintosh, Peripherals, Processors, Supercomputers, Unix/Linux servers, Utility/On-demand Computing, Virtualization Hardware, Windows Servers

Healthcare : Policy & Regulation, Leadership, Security & Privacy, Mobile & Wireless, Electronic medical records, Clinical information systems, Administration systems, Interoperability, The Patient

Infrastructure : ATM, Ethernet/Gigabit Ethernet, Frame relay, IPv6, Traffic Management, Network/Systems Management, PBXs, Printers, Remote Access, Routers, Switches, UPS, VPNs, WAN Optimization/Acceleration, Wide Area File Services

Internet : B2B, B2C, Browsers, E-Business/E-Commerce, E-retail, Google, Internet Policy, Internet Security, Search, Social Networks, Traffic Reporting/Monitoring, Web 2.0, Web Development, Social Business

Management : Career Development, Executive Insights/Interviews, H-1B, Legal, Outsourcing, Personnel Management, Recruiting, Regulation/Compliance, ROI/TCO, Salary/Compensation, Small-Medium Business, Training, Workplace Trends

Mobility : 3G Wireless/Broadband, 802.11x, Fixed Mobile Convergence, Mobile Business, Mobile Messaging, Muni Wireless, RFID, Smartphones, Wi-Fi VOIP, Wi-Fi/WiMax, Wireless Security, WLAN

Personal Tech : Blackberry, Bluetooth, Bluray, Digital Cameras, Digital Music, Digital Rights Management, Global Positioning Systems, iPhone, iPod, Peripherals, Smartphones, TVs/Home Theater, Virtual worlds

Security : Antivirus, Application Security, Attacks/Breaches, Cyberterror, Encryption, End user/Client Security, Intrusion Prevention, NAC, Perimeter Security, Privacy, Security Administration, Storage Security, Vulnerabilities and Threats

Services : Business Process Outsourcing, Business Services, Disaster Recovery, Hosted Applications, Hosted Storage, Internet/Data Services, Outsourcing, Software as a Service, Systems Integration, Telecom/Voice Services

Software : Integration, Application Optimization, Business Systems Management, CRM, Database Applications, Databases, Development Tools, ERP, Hosted Software/Applications, Linux, Open Source, Operating Systems, Productivity Applications, Server Virtualization, Service Oriented Architecture, Web Services

Storage : Data protection, Disaster Recovery, Removable/Portable Storage, Security, Storage Fabrics, Storage Systems, Virtualization

Telecom : VOIP, Unified Communications, Voice services, PBXs, Call Centers, Presence, Collaboration Systems, Business, Regulation, Internet policy

Windows/Microsoft : Applications, Internet Explorer, Microsoft Company News, Office Suite, Open Source, Operating system, Security


More On Security