Opinion: Web threats what you need to know

“In July 2008, the risk of exposure to web-based malware had increased by 443 percent compared to May 2008, and by 1636 percent compared to May 2007 (Source: ScanSafe STAT).

Consumers and businesses need real-time protection against transient web threats, which are the fastest-growing threats to Internet users today. These appear on one or more websites temporarily, from a few weeks to just a few seconds — they’re not only growing in number, but also in sophistication. They’re very tough to track and block from users’ machines,

Criminals buy ad space from an advertising aggregator and an exploit is run on an ad that rotates through hundreds or thousands of trusted websites; a frequent target is social network sites like Facebook or MySpace. Users are infected easily, often unwittingly and they don’t need to click on anything to become infected.

These transient web threats are often designed to steal information and identities – an issue affecting many Australians today.

According to the Australian Bureau of Statistics, Australians lost almost $1 billion to fraud and scams last year. More than 800,000 (or 5 percent of the population aged 15+) reported some instance of fraud.

Of those, 453,000 lost money totalling $977 million. Nearly 500,000 people were victims of identity fraud, with 77 percent reporting fraudulent transactions on their credit or bank cards, while 23 percent suffered identity theft involving unauthorised use of their personal details. These were used to conduct business, open accounts or take out loans illegally in their name.

Some security vendors use the blacklist approach where the software checks a URL against a blacklist database of sites that are known to have delivered malware in the past. That approach is mostly too slow to protect against transient threats — the threat is gone before it can be recorded into the database. Worse, at least for the operator of the affected site, the site shows up as infected even after the threat is gone.