More malware is hosted on local servers in the U.S. and Britain
than in countries with less developed e-crime law enforcement
policies, researchers at Finjan Inc. determined after reviewing
data from the first quarter of the year.
The San Jose, Calif.-based security vendor released its Web Security
Trends Report for the first quarter of 2007 Monday. Its
findings are based on an analysis of more than 10 million unique
URLs from live Web traffic recorded in the U.K. Finjan said its
biggest findings were that:
- Malicious code is more likely to be hosted on local servers in
the U.S. and U.K. than in countries with less developed e-crime law
enforcement policies.
- Attacks that involve the use of code obfuscation through
diverse randomization techniques are growing more numerous and
complex. More than 80% of the malicious code detected by Finjan was
obfuscated, making it virtually invisible to
pattern-matching/signature-based methods in use by antivirus
products.
- Digital miscreants are displaying an increasing level of
sophistication when embedding malicious code within legitimate
content with less dependence on outlaw servers in unregulated
countries.
"The results of this study shatter the myth that malicious code
is primarily being hosted in countries where e-crime laws are less
developed," Finjan CTO Yuval Ben-Itzhak said in a statement. "Our
research shows that malicious content is much more likely to show
up on a local server than one in Asia or Eastern Europe.
Unfortunately this means that the traditional location-based
reputation heuristics are decreasingly effective against modern
attacks."
Specifically, Finjan found that 90% of the URLs containing
malware resided on servers located in the U.S. or U.K. Advertising
is the leading category for URLs containing malicious code,
representing 80% of all instances, the report said, adding,
"Attackers have discovered that the multiple parties involved and
the complex structure of business relationships involved in online
advertising make it relatively easy to inject malicious content
into generally legitimate ad delivery streams."
When analyzing malicious content in terms of the URL Web site
categories, Finjan found that malware is just as likely to be
accessed through legitimate Web sites for such things as finance,
travel and computing as through what might be considered
disreputable Web sites promising porn or free downloads.
"The fact that malicious code is just as likely to be found in
legitimate categories as in questionable categories means that
security products that rely solely on URL categories to block
access to malicious sites are no longer effective," Ben-Itzhak
said.