Welcome to WebmasterWorld Guest from

Forum Moderators: phranque

Message Too Old, No Replies

Malware Threat Continues to Rise

2:31 pm on Jun 17, 2009 (gmt 0)

Administrator from GB 

WebmasterWorld Administrator engine is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:May 9, 2000
votes: 236

Malware Threat Continues to Rise [news.bbc.co.uk]
Legitimate websites are a growing frontier for malware attacks with over ten million pages affected every year.

Security start-up Dasient claimed the threat has risen as more people create their own websites and blogs without proper built-in security protocols.

Anyone opening an infected page could have the malware downloaded to their computer without even realising it.

"There's a real and present danger of the web being seriously compromised," said Dasient co-founder Neil Daswani.

"This emerging threat is becoming very real and is already affecting millions and millions of websites. 30,000 web pages are affected every day according to the likes of Microsoft and the security firm Sophos," said Mr Daswani who was a senior security engineer at Google.

12:20 am on June 19, 2009 (gmt 0)

Senior Member from CA 

WebmasterWorld Senior Member encyclo is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Aug 31, 2003
votes: 2

With content-managements systems such as WordPress being used more and more, combined with the lack of follow-up to security updates and the prevalence of clear "footprints" by major CMS scripts, it is getting easier to target thousands of websites running the same vulnerable scripts.

Combined with the additional problems caused by third-party inserted code such as advertising or widgets, the attack vector is widening rapidly.

What to do? Better diligence is managing security issues from webmasters is one vital aspect, when developing a site using a CMS, plans should be made (and added to contracts for sites developed for hire) to make sure scripts are rapidly brought up to date for every announced vulnerability.

Very few attacks on websites are zero-day exploits, for the overwhelming majority of cases the vulnerability is known for weeks or months before the worm infects unprotected sites.