Organised crime hitting web browsers, studies show

Secure web gateway products firm Finjan has confirmed findings in Google online security blog posts and IBM’s X-Force report. “Google’s anti-malware team has indicated that more than 3 million URLs on over 180,000 websites were victimised by automatically installed malware,” says Finjan CTO Yuval Ben-Itzhak. “And IBM has reported that criminals are now turning their attention to directly attacking web browsers in order to steal identities, gain access to online accounts and other illicit revenue-generating activities. “As reported in our third and fourth quarter trend reports of 2006, as well as our 2007and 2008 trend reports, our research teams had already identified the trend that more and more criminal elements were using these techniques.” Google’s team also reported that 2% of malicious websites are now delivering malware via advertising. “This report also reconfirms Finjan’s Q1 2007 trend report regarding malicious ads being served on legitimate websites to infect users,” says Ben-Itzhak. He warns business Internet users to use additional security technologies that can identify malware by its behaviour. “Solely relying on signatures that only scan what web content looks like, or on URL filtering that checks where web content came from, is risky,” he says.