Skip to content

Management

Technology

Toolbox

Training


Books


White Papers


Topic Pages

Resource Centre


ComputerworldUK CommunIT

Want to join the UK’s fastest growing dedicated IT community? Enter here to browse the UK’s top usergroups, societies and associations.

Cybercrime & Hacking management > security > news

March 26, 2007

Eight out of 10 pieces of malicious code found in online advertising

Security based solely on URL categories 'no longer effective'

By ComputerworldUK reporter

Online advertising hosts 80% of all instances of malicious code, security experts have warned.

Advert

An analysis of more than 10m unique URLs, based on live web traffic recorded in the UK, by security firm Finjan found that hackers are increasingly targeting advertising.

Hackers have discovered that the complex structure of business relationships involved in online advertising make it relatively easy to inject malicious content into legitimate advertising delivery streams, Finjan’s latest Web Security Trends report said.

Malicious code was just as likely to be accessed through legitimate commercial websites as through disreputable sites, such as those with adult content or illegal downloads, Finjan warned.

The report also highlights a continuing evolution in the complexity of attacks, particularly the increasing use of randomisation techniques to conceal malicious code. More than 80% of the malicious code detected by Finjan was hidden in this way, making it virtually invisible to pattern-matching or signature-based anti-virus products.

Finjan chief technology officer Yuval Ben-Itzhak said: “The fact that malicious code is just as likely to be found in legitimate categories as in questionable categories means that security products that rely solely on URL categories to block access to malicious sites are no longer effective.”

The research also uncovered a new trend for hackers to bury malicious code on web pages served by automatic translation services, such as those offered by search engines.

Peter Christy, principal analyst at the Internet Research Group said: “In the past, attacks were dominated by worms and viruses designed to create a big and very visible disruption.

“Increasingly, modern attacks have criminal intent, and the attackers are becoming more proficient at obscuring the attacks and delivering them from otherwise reputable regions and website categories in order to circumvent many of the defences that have been effective against earlier attacks. These trends are a clear call-to-action for better detection and prevention methods.”

« prev article | more security news | next article »

Advert

close

Email this article to a friend or colleague:




PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

close
  • This article is now being printed.
close

What are your views on this subject? Use the form below to post a comment on this article up to 1000 characters.


Characters remaining:

close

Click below to add 'Eight out of 10 pieces of malicious code found in online advertising' to your blog.



If you do not have a ComputerworldUK Account and would like to use this feature, please Register.

If you are a registered, logged-in user, this will post the title and first paragraph of this story to your blog to share with your readers.

What is this?

Advert

WHITE PAPERS

*