Online criminals exploit vulnerabilities in end users Web browsers using drive-by downloads

(29/02/2008)

Finjan has confirmed the findings presented in a recent Google online security blog post and IBM's X-Force report. Online criminals are waging a highly sophisticated war by exploiting vulnerabilities in end users Web browsers using drive-by downloads.

Google’s team also reported that on average 2% of malicious websites were delivering malware via advertising.

“Google Anti-Malware Team has indicated that more than three million unique URLs on over 180,000 websites were victimized by automatically installed malware. IBM has reported that criminals are now turning their attention to directly attacking Web browsers in order to steal identities, gain access to online accounts and other illicit revenue-generating activities," said Yuval Ben-Itzhak, CTO with Finjan.

"As reported in our third and fourth quarter trend reports of 2006 as well as our 2007and 2008 trend reports, our research teams already identified at that time the trend that more and more criminal elements of hackerdom were using these techniques with a great success," he added. “This report reconfirms Finjan’s Q1 2007 trend report regarding malicious Ads being served on legitimate websites to infect users”.

According to Ben-Itzhak, Internet users – both business users and individuals - should use additional security technologies that can identify malware by its intended behaviour – in other words: what it does. Solely relying on signatures that only scan what Web content looks like, or on URL filtering that checks where Web content came from, is risky.

Related topics:  Internet and Web security 

Print version | Email to a friend | Related articles

Data breaches: Trends, costs and best practices gives you all the latest information on securing personal and corporate data, key recommendations for immediate action to improve data security, and how to respond to data breaches.

Other Security news and resources