Web attacks won't stop

Web sites will remain painfully vulnerable to Web-borne malware attacks until developers become more successful in their attempts to secure their work

Web-borne malware attacks will continue to flourish in 2008, according to the latest research report filed by scanning and acceleration specialists Blue Coat.

Based on the company's top ten security trends report covering the remaining calendar year, SQL and iframe injection exploits, along with a multitude of other attacks, will continue to spread over the Internet, with a large number of the infections being delivered via compromised Web sites.

Many of the threats will also be planted using drive-by techniques that won't require end user interaction beyond the initial visit to an infected URL, Blue Coat reports. Even popular sites are becoming well-traveled avenues for malware delivery.

"Because these are well-known, reputable sites -- some of the most trusted names in online news and commerce -- URL-filtering and reputation tools won't block users from visiting them," the report summarizes.

Web sites will remain painfully vulnerable to such attacks until developers become more successful in their attempts to secure their work, especially when working with emerging technologies such as Adobe Flex and Microsoft Silverlight, the experts maintain.

Another hot trend in 2008 will be the use of downloadable software widgets, even some of those developed by major vendors including Microsoft and Yahoo, Blue Coat's researchers contend.

"Even hailing from such leading developers as Microsoft and Yahoo, widgets have been found to have insufficient security features, leaving them vulnerable to infection. Because widgets often have access to the host operating system, they pose major risks to users," the paper asserts.

Online videos and social networking sites are also expected to attract a great deal of malware activity in 2008.

In the physical world, laptop computers containing valuable corporate data will continue to make attractive targets for thieves, with Blue Coat estimating the worth of a machine holding records for 10,000 employees as high as US$140,000 on the black market.

On the topic of devices, the company cited a 2007 incident in which digital picture frames were found to contain on onboard Trojan virus as emblematic of more attacks to come. Along with picture frames, the report names USB memory sticks as another probable method by which such threats will arrive.

In terms of defense, the company said that more businesses will distance themselves from the use of social security-type identifiers in order to help lower the risk of identity theft, however, Blue Coat also points to lingering problems with network security, gateway appliance throughput challenges in particular, as a continuing issue.

"A dirty little secret of the IT security industry is that most Web security gateway products are architecturally incapable of scaling to meet enterprise needs. Enterprises will continue to find themselves short-changed by products that promise comprehensive network protection but don't deliver on performance," the company said.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Follow our new CSO Australia LinkedIn
Follow our new social and we'll keep you in the loop for exclusive events and all things security!
Have an opinion on security? Want to have your articles published on CSO? Please contact CSO Content Manager for our guidelines.

More about Adobe SystemsBlue Coat SystemsGatewayMicrosoftPromiseVIAWeb SecurityYahoo

Show Comments

Featured Whitepapers

Editor's Recommendations

Brand Page

Stories by Matt Hines

Latest Videos

More videos

Blog Posts