A few years ago, one of the biggest threats to IT infrastructures was email-based attacks. In fact, Microsoft Outlook was targeted so often that many people actually stopped using it completely. These days, email is much safer thanks to improved email software and robust email-filtering technologies.
Today, the biggest threat seems to come from Web sites, which of course means that your users' casual surfing at the office could pose high risks to your network environment, especially if you don't have adequate defenses and stern acceptable-use policies in place.
Recently, security product maker Sophos released a report that shows just how dangerous the problem of malicious Web sites has become. Like many security companies, Sophos operates a number of globally positioned monitoring stations that collect and aggregate data. Such data is invaluable in gaining a broader view of the threats that exist at any given moment in the Internet landscape.
According to the company's data, from January to May of this year, the number of new malicious Web pages detected per day was relatively low--about 5,000 per day--compared to the numbers since May. Beginning in June, the company saw a huge increase, and as of July 25, approximately 29,700 new malicious Web pages were appearing each day!
Of the malicious Web pages Sophos analyzed, 1 in 5 were established especially to host malware. The others had been legitimate Web pages that were somehow vandalized and made to contain malware.
Another very interesting finding is that from January to May, 51 percent of the compromised sites ran on Apache HTTP Server, 43 percent ran on Microsoft IIS 5.0 or IIS 6.0, and the remainder ran on lesser known Web platforms, such as Nginx.
The explosion of pages that contain malware seems to coincide with the emergence of MPack into the public spotlight. You recall that MPack is, by today's standards, a highly sophisticated Web-based exploit-deployment platform. I wrote about MPack at the end of June and blogged about it too. If you missed either of those two articles, you can find them on our Web site at the URLs below.
http://windowsitpro.com/Article/ArticleID/96352
http://windowsitpro.com/Article/ArticleID/96419
Sophos's data reminds us that strong Web-filtering tools are a vital component of an overall security strategy. Filters go hand in hand with diligent patch management and firm company policies that keep employees aware of your rules.
If you need some data to educate your fellow co-workers as to why your company has acceptable-use policies, get a copy of the Sophos report at the URL below. Even if you don't need the statistics to bolster your position, the report is a good read for all security administrators.
http://sophos.com/reportjul2007
Other companies that have published threat reports somewhat recently include Symantec (at the first URL below), Internet Security Systems (at the second URL below), the Anti-Phishing Working Group (at the third URL below), and McAfee (at the fourth URL below).
http://www.symantec.com/enterprise/theme.jsp?themeid=threatreport
http://www.iss.net/x-force_threat_insight_monthly/index.html
http://www.antiphishing.org/reports/apwg_report_may_2007.pdf
http://www.mcafee.com/us/threat_center/default.asp
