A recent Symantec white paper, Web Based Attacks, February 2009, reports a dramatic increase in the number and sophistication of Web-based threats.
The report states that throughout 2008 and into the early part of 2009 many new techniques and trends based around Web activity have been observed.
Comments Tich Mugwara, Symantec Enterprise Security Product Specialist at Drive Control Corporation (DCC): “Users are today faced with attacks that are sophisticated and therefore harmful to their laptops, desktops or even networks. It is important to remember that when surfing the Web one should bear in mind that one might stumble onto a site that has a number of viruses that could harm your machine.”
According to the report, misleading applications are finding their way to PCs via Internet pages; SQL (Windows environment) attacks are used to infect popular and mainstream Web sites; and fake advertisements (malvertisements) are redirecting people to malicious sites.
In the case of targeting mainstream Websites, it is often those pages which contain material of an adult nature or pirated software that come under fire. Explains Mugwara: “These Websites have thousands of users that visit these sites on a minute-by-minute basis, making the users vulnerable.”
Attack techniques include: SQL attacks; malicious advertisements; search engine result redirection; vulnerabilities in the Web server or forum hosting software; cross-site scripting (XSS) attacks; and attacks on the backend of virtual hosting companies.
“Unfortunately, we are also finding that people simply don’t download the latest virus patches, updates and so forth. While vendors work very hard to ensure that their users are protected, the onus still remains with the individual to accept updates and ensure their security features the latest armour in its body of defence,” says Mugwara.
The solution, says Mugwara, is to deploy a comprehensive endpoint security product with layers of protection such as:
- Heuristic file protection. This technique enables a security product to spot new virus variants, even without a traditional virus fingerprint signature, based on characteristics of the file itself.
- Intrusion Prevention System (IPS). Intrusion Prevention Systems monitor network traffic for suspicious behaviour, with the goal of stopping an attack before it takes up residence in a system.
- Behavioural monitoring. If a malicious piece of software makes it onto the system by bypassing the defences of the Intrusion Prevention System and the file protection capabilities, then a behavioural monitoring system may still identify it.