In the first quarter of this year, SophosLabs was detecting an average of 4,000 Web pages newly infected with malware each day. In the second quarter, that number rose to 8,000, says Mark Harris, director of Sophos Labs. By August, the toll had risen to 16,000 newly infected Websites each day, or one new infection every three seconds. “Ninety percent of them are legitimate Websites,” Harris says, most vulnerable to SQL injection attacks.
The latest example of this is a widespread infection of Business Week magazine’s site, Sophos found, with hundreds of pages infected.
And while it’s true that most financial services institutions have hardened their Websites against this vulnerability, it doesn’t really matter. Bank sites are generally the second-level targets, as the infected Websites then cause unsuspecting browsers to download keyloggers and password-stealing Trojans. “From a banking perspective, I’m certainly more concerned about banking Trojans than phishing sites,” Harris says.
The other alarming trend Sophos has uncovered of late is the continued vulnerability of Linux Web servers, which are being easily compromised with age-old exploits and turned into bot controllers. “The fact that people aren’t paying attention to their Web servers is a problem,” Harris says. “The wakeup call hasn’t happened.”