ScanSafe



STAT Security Brief


A May 2007 / May 2008 State of the Web Comparative


The Web is under attack. During the past six months, an unprecedented series of compromises has outfitted hundreds of thousands of legitimate sites with malicious scripts and iframes, the vast majority of which are designed to silently deliver password stealers and backdoors to visitors’ computers. This ScanSafe STAT security brief compares the Web-threat landscape in May 2007, six months prior to the large-scale compromises, with data from May 2008, six months after the attacks began. The findings in this report demonstrate the tremendous impact these ongoing attacks are having on the safety and integrity of the Web.

Data in this report is based on malware blocked by ScanSafe on behalf of its corporate customers in the months of May 2007 and May 2008. For normalization purposes, the report uses only corporate block data common to both months.


Key Findings

  • The volume of threats confronting Web surfers has increased 220%
  • The rate at which these threats are encountered has increased three-fold
  • Risk of exposure to exploits and compromised Web sites increased 407%
  • Backdoor and password-stealing malware increased 855%
  • In May 2008, 68% of Web-based malware exposure was via compromised Web sites

A Year of Change

Given current-day events, May 2007 feels much like a bygone era. Though significant in its time due to the large number of active exploits in circulation, the “who, what, when & where” of risk differed considerably. In May 2007, the average corporate user was most likely to encounter Web-based threats via direct exposure such as links on blogs and in forums, or through socially engineered email enticements. The sage advice at the time: avoid clicking on unexpected links, be alert to fraudulently formed links, and stick with known legitimate sites.

Fast forward a year and it’s the known legitimate site that users must be most concerned with. Wide availability of (often free) exploit frameworks and vulnerability assessment tools allows for mass compromise of Web sites by even the most unskilled attacker. This ‘point and click’ opportunity presents a tremendous return on investment (ROI) for the attacker. As an example, nature.com is one of the top 500 sites linked to in Wikipedia and enjoys an estimated reach of 877,000 unique visitors per month. A May 2008 compromise of that site resulted in the embedding of malicious scripts which installed a password-stealing trojan on visitors’ computers.

Though the compromise was quickly remedied, even a single day of active compromise could potentially expose 30,000 users – and their networks. And nature.com was only one of hundreds of thousands of known legitimate sites that were compromised in May 2008.

As seen in the chart below, in May 2008 the average corporate user encountered 68% of Web-based malware exposure via compromise of known legitimate Web sites.

The change in delivery method – using the compromised site as a conduit for malware – has also led to dramatic increases in the volume of malware. In May 2008, corporate users faced a three-fold increase in the volume of Web-based malware exposure, compared to May 2007. This increase in volume is coupled with an 855% increase in backdoor and password-stealing trojan exposure via the Web.


This report was completed by: Mary Landesman