Not All Malware Detection Is Created Equal

by Sophos

Nov 15, 2009

The internet is now the number-one conduit for infecting users with malware. SophosLabs reports that in 2009, 23,500 new infected web pages are discovered every day. That's one every four seconds or so, four times worse than in the same period of 2008 [1].

Malware authors are very successful with a popular method: compromising popular, high-traffic, legitimate sites in order to kick-start the infection process. Users visiting a hijacked site have no way of knowing the site has been compromised, because the malicious code is invisible but executes as soon as the page loads in the user's browser. The code typically uses cross-site scripting to fetch an even more malicious payload from a third-party site, which then attempts to leverage one of dozens of known exploits in the browser or operating system to infect the machine, steal data, or subvert it into a botnet. The scope of these attacks should not be underestimated, since all types of sites, from government websites to educational establishments to popular news portals, blogs and social networking sites, have been targeted.

As security vendors add detection for this kind of malicious web code, the attackers constantly evolve it in order to evade being caught. As this game of cat and mouse intensifies, the attackers have turned to using JavaScript for delivering their attacks.
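To make the "invisible injected code" concrete from a defender's side, here is an added example (not code from the Sophos paper) of a small scanner that flags two of the classic indicators the text alludes to: zero-size or hidden iframes pointing at a third-party host, and script blocks that decode escaped strings before executing them. The sample page, its host name and the thresholds are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Constructed sample page: a benign-looking page carrying an injected hidden
# iframe and an obfuscated script block (the %XX string decodes to "document.write").
SAMPLE_PAGE = """<html><body><h1>News</h1><p>Welcome.</p>
<iframe src="http://third-party.example/in.php" width="0" height="0" style="visibility:hidden"></iframe>
<script>eval(unescape('%64%6f%63%75%6d%65%6e%74%2e%77%72%69%74%65'))</script>
</body></html>"""

HIDDEN_SIZES = ("0", "0px", "1", "1px")

class InjectionScanner(HTMLParser):
    """Collects (indicator, detail) pairs for content typical of injected drive-by loaders."""
    def __init__(self):
        super().__init__()
        self.findings = []
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "iframe":
            style = a.get("style", "").replace(" ", "").lower()
            zero_size = all(a.get(k, "") in HIDDEN_SIZES for k in ("width", "height"))
            if zero_size or "visibility:hidden" in style or "display:none" in style:
                self.findings.append(("hidden-iframe", a.get("src", "")))
        elif tag == "script":
            self._in_script = True  # HTMLParser hands us <script> bodies raw via handle_data

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if not self._in_script:
            return
        # eval/document.write fed directly by a decoder is a common loader signature
        if re.search(r"\b(eval|document\.write)\s*\(\s*(unescape|String\.fromCharCode)", data):
            self.findings.append(("obfuscated-script", "eval-of-decoded-string"))
        # a script body that is mostly %XX escapes is a packed payload, whatever it decodes to
        escapes = len(re.findall(r"%[0-9A-Fa-f]{2}", data))
        if escapes and escapes * 3 / len(data) > 0.5:  # threshold is an assumption
            self.findings.append(("obfuscated-script", f"{escapes} percent-escapes"))

def scan_page(html):
    """Return the list of indicators found in an HTML document."""
    scanner = InjectionScanner()
    scanner.feed(html)
    return scanner.findings
```

Real loaders vary the encoding constantly, which is exactly the page's point: a scanner like this catches yesterday's pattern and must be complemented by behavioural analysis of what the script does at runtime.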