Thousands of webpages belonging to Fortune 500 companies, government agencies and schools have been infected, putting visiting surfers at risk of infection and identity theft. High-profile entertainment websites such as those belonging to Sony PlayStation, Euro 2008 ticket sales companies, and UK broadcaster ITV are amongst the many to have suffered from the problem.
Sophos experts note that with the continuing popularity of Web 2.0 social networking sites, including Facebook and LinkedIn, among business users, cybercriminals who have already gained access to user profiles may begin to use these as corporate directories, noting new employees and launching spear-phishing attacks specifically aimed at stealing information from new and unsuspecting members of staff.
To guard against this risk, all organizations should ensure employees are fully educated about the dangers of posting too much information on these sites, and of accepting unsolicited friend requests.
Graham Cluley, senior technology consultant at Sophos, commented:
Businesses need to bite the bullet and take better care of securing their computers, networks and websites. They are not only risking having their networks broken into, but are also putting their customers in peril by passing on infections.
But office workers must realise it’s not just the business fat cats who need to worry about this. Visiting an infected website from your work PC, or sharing too much personal or corporate information on sites like Facebook, could lead to you being the criminal’s route into your company.
Although most attacks are now taking place via infected websites, email continues to present a danger. It is common for cybercriminals to spam out links to compromised websites, often using a subject line and message that tempt computer users into clicking with the promise of a breaking news story or a lewd topic.
Attacks via email file attachments, however, have declined in 2008. Only one in every 2,500 emails examined in the first six months of 2008 was found to contain a malicious attachment, compared to one in 332 in the same period of 2007. Malware which disguises itself as naked photos of Angelina Jolie or Nicole Kidman dominates the chart of top malware spreading via email attachment. The Pushdo Trojan dominated the chart of most widespread malware spreading via email, accounting for 31 percent of all reports. Pushdo has been spammed out during the year with a variety of disguises.