ChannelWeb came out with a list of the 10 most dangerous legitimate websites to date. As discussed in the previous articles of this month’s newsletter, legitimate sites are now the preferred targets of today’s hackers as they are far more lucrative than the commonly acknowledged dubious sites.

So, without further adieu, here are the 10 sites to be weary of:

1.       Facebook             

With almost 500 million users, Facebook is the ultimate target for cybercriminals. Ever since the Koobface of 2008 (an anagram for Facebook and a virus that is very much alive and thriving today), Facebook has experienced an escalation of attacks. Beware of fraudulent profiles and Facebook log-in pages as they are phishing Malware attacks.

2.       Twitter

Coming in behind Facebook in social networking popularity, Twitter is another favored target for hackers. The most common of Twitter attacks is an infected URL which will download Malware onto the unsuspecting user’s computer. And just like Facebook, Twitter has also been the victim of phishing attacks, prompting users to sign in on a counterfeit log-in page or to click a malicious link in a phony profile.  

3.       Google

As the most popular site on the Internet, Google is constantly under attack. The most popular of these assaults are search engine poisoning techniques to get malicious sites to appear at the top of the search rankings as traditionally users will trust and click on those sites listed first. Gmail is also a victim of phishing scams.

4.       URL Shortening Sites

Thanks to Twitter and its 140 character limit per Tweet URL shortening sites such as TinyURL and Bit.ly have been increasing in popularity, both with legitimate users and hackers. Not only are these sites being targeted by Malware attackers, but the shortened URLs are also a new vehicle for infection as well.

5.       YouTube

For a long time now hackers have been enticing users of YouTube to download malicious content. The most popular way to do this is to hijack an email or social networking account and to then send the infected video codec to all of the victim’s contacts, creating a sense of legitimacy.

Tune in next month for Part 2 of this list!

Last year, the proliferation of Malware attacks increased a whopping 508%. Short for malicious software, Malware includes worms, Trojans, spyware, and viruses, all designed to infiltrate one’s system and perform actions without a user’s informed consent. So why, in 2010, are these threats on the rise? The epidemiology behind this tremendous jump pinpoints two simultaneous positive correlations: the continuous sophistication of the Malware and the rise in social media sites.

Don't let Malware get you down! Read on to discover the latest changes to Malware and how to protect yourself.   

The new cybercriminal

The cybercriminal of 2010 is no longer your amateur anarchist hacker; they are now highly skilled developers and engineers hired by criminal organizations to steal data or engage in spamming operations for profit. This means that more and more businesses are being targeted for and attacked by Malware as the aim is no longer chaos but capital gain.

The new Malware

Not only are the new cybercriminals professional engineers, targeting more and more businesses for profit, but now their latest worms, viruses, and Trojans are matured - able to outsmart traditional defense tools, embedded within websites as opposed to traditional email embeddings that one could easily avoid via spam filtering, and are now designed to infiltrate without informed consent in one of three ways: “drive-by downloads,” “social engineering,” and “iframes.”

• In a drive-by download, a user simply visits an infected site and the Malware is downloaded without one’s consent or even one’s knowledge.
• With social engineering, a user is tricked into performing an action, such as downloading a file or accepting a prompt, and instead downloads the malicious software. A specific type of social engineering is “scareware,” where the prompt (typically a pop-up) is extremely alarming. A perfect example is a pop-up designed to look like an actual antivirus alert, typically reading, “A virus has been detected on your system.” The scareware then encourages you to download a cleanup utility which in actuality is the Malware, typically a Trojan horse.     
• A site may be hosting Malware as is the case with drive-by downloads or scareware, or it could link to the malicious content via an iframe (think ads or web banners begging for your click-through).         

Legitimate sites under attack

We have all been familiar with Malware for quite some time, and common knowledge holds that if we steer clear of suspect sites (illegal downloading sites or adult content sites) we will keep ourselves safe from attack.  Although this was a very safe assumption in years past, the same does not hold true today as more and more legitimate websites now host or link to Malware, especially the new and popular social networking sites that make it all the easier for cybercriminals to spread Malware through their data sharing channels. The result: network gateways can no longer rely upon blacklists of dangerous sites nor can a user rely on their better judgement to avoid attacks.  

What makes the situation even worse is the fact that most site owners are completely unaware that their site is infected as it is happening in ways imperceptible. Exploitation of 0-day vulnerabilities in the software running the site or vulnerabilities in the application-specific code, uploadings on Web 2.0 user-driven sites, internal attacks from disgruntled employees, or third-party web content such as unvetted banners and ads using Flash applications: all of these furtive methods of attack may go unnoticed for quite some time.       

What can you do?

Here are the cold hard facts:

• Malware has grown significantly in sophistication  
• Traditional prevention tools are no longer enough
• Legitimate sites are now being targeted
• Site owners are often unaware of infection, leaving you to fend for yourself

In the face of all these changes to Malware, you must safeguard your entire system, end-to-end, gateway to endpoints. Fortunately, this can be done and done effectively. As traditional methods are no longer enough, it is best to consult a seasoned managed service provider on all the potential defense mechanisms currently on the market.  

Conclusion

Malware is very harmful and nothing to be considered lightly. One must take every precaution available to protect one’s system. We at Bryley have been in the computer network business for 23 years, and are fully prepared as a managed service provider to secure your network, end-to-end, against all potential attacks. We have several solutions to choose from:

• Bryley's Secure Network (SN) solution provides managed protection against all external threats and includes such features as intrusion prevention, malware blocking, web-content filtering, and spam filtering
• Bryley's Kaseya Endpoint Security (KES) is an antivirus/antispyware solution centrally managed and maintained by Bryley
• Bryley's Comprehensive Support Program (CSP), by far our most popular and most all inclusive managed solution, provides you with proactive, end-to-end network security and maintenance
• Bryley's Multi-Point Security Hardening solution provides you with workstation, server, and network verification as well as the implementation of improved security settings
• Bryley's unmanaged projects, including the deployment of firewalls, antivirus tools, and antispyware tools

Contact us today with any questions or concerns you may have regarding Malware or for a free network security consultation. 

Want to learn more?

Contact Bryley Systems today. Call 888.280.5799 or email Sales@Bryley.com

Learn more about the managed services we offer on our website. Visit http://www.bryley.com/solutions.html