Opinion: Web threats what you need to know

“In July 2008, the risk of exposure to web-based malware had increased by 443 percent compared to May 2008, and by 1636 percent compared to May 2007 (Source: ScanSafe STAT).

Consumers and businesses need real-time protection against transient web threats, which are the fastest-growing threats to Internet users today. These appear on one or more websites temporarily, from a few weeks to just a few seconds — they’re not only growing in number, but also in sophistication. They’re very tough to track and block from users’ machines,

Criminals buy ad space from an advertising aggregator and an exploit is run on an ad that rotates through hundreds or thousands of trusted websites; a frequent target is social network sites like Facebook or MySpace. Users are infected easily, often unwittingly and they don’t need to click on anything to become infected.

These transient web threats are often designed to steal information and identities – an issue affecting many Australians today.

According to the Australian Bureau of Statistics, Australians lost almost $1 billion to fraud and scams last year. More than 800,000 (or 5 percent of the population aged 15+) reported some instance of fraud.

Of those, 453,000 lost money totalling $977 million. Nearly 500,000 people were victims of identity fraud, with 77 percent reporting fraudulent transactions on their credit or bank cards, while 23 percent suffered identity theft involving unauthorised use of their personal details. These were used to conduct business, open accounts or take out loans illegally in their name.

Some security vendors use the blacklist approach where the software checks a URL against a blacklist database of sites that are known to have delivered malware in the past. That approach is mostly too slow to protect against transient threats — the threat is gone before it can be recorded into the database. Worse, at least for the operator of the affected site, the site shows up as infected even after the threat is gone.We believe a better approach is just-in-time scanning that inspects each web page for exploits right when the user visits it. Just-in-time scanning is more effective against transient threats because it looks for types of delivery mechanisms rather than types of malware. It automatically marks known bad sites and it can detect infected and potentially-infected content as you browse the web, outside of search engines.

Search engine hacking and social engineering exploits are also becoming a part of the modern web-borne threat. Websites can be hacked and gamed making them appear prominently in the top search engines. Hackers can plant an iFRAME on a site, force the search engine to cache it and then build bots that click on the site to make it rank higher in a search. Social engineering is also relying on human weaknesses to spread software problems by scaring visitors into downloading a software program to fix a ‘problem’ the site claims to have detected.

There is a common characteristic in all of the issues that are being detected – trust. The openness and collaboration that is an inherent part of the Internet today is increasing the attacks on search engines from legitimate web sites. Social networks are also becoming more frequent targets. The end user really needs to be better educated that these types of threats just aren’t merely annoying, they are dangerous.

This is a serious problem for business and society. It is no longer restrained to kids writing viruses for bragging rights. Today it’s a different story. Malware is almost entirely criminal in its goals — whether someone wants to steal a World of Warcraft password to access game assets, someone’s identity, or corporate intellectual property. It’s a very different ballgame from even five years ago.

Site operators and users now need to take more responsibility for protecting themselves. Protection should extend to greater awareness and education and the incorporation of just-in-time safe-surfing and safe-searching software. Site operators should monitor their sites continually for any changes in the underlying code and take immediate action if malicious changes are discovered.

And for those in the sales channel it has become mandatory to explain the advantages of multiple layers of protection.

Many computer users think they’re protected because their computers are running anti-virus software. They may also be running a firewall and anti-spam software. These are all very important layers of protection, but they are not enough to protect them from web-based threats and transient hacks.

You should advise your customers that multiple layers of protection — anti-virus, anti-spam, firewalls and web-threat scanning as provided by the AVG LinkScanner safe surf technology included in all commercial AVG products — are needed to ensure a safe computing environment.