Microsoft
Here are some of the key reasons why you would want to run Unified Access Gateway with DirectAccess.
Most Malware Is Launched From Legit Web Sites
January 28, 2008 12:00 PM ET
Computerworld - The majority of Web sites serving up attack code are legitimate domains that have been hacked by criminals, according to security research firm Websense Inc.
In a report released last week, San Diego-based Websense said that credible sites accounted for 51% of those classified as malicious. The sites had been compromised by hackers who seeded them with attack code that infected unpatched machines visiting those addresses, it said.
A year earlier, Websense estimated that about 35% of malicious sites were actually legitimate sites that had been compromised.
The remaining deleterious sites were "intentionally built for malicious intent," the Websense report said.
Hacking legitimate sites so that they can sling malware gives attackers distinct advantages, said Dan Hubbard, vice president of security research at Websense. "It's a great vector, because they don't need to drive users to the sites, they get free hosting, and [it's] hard to trace ownership," he said.
"The trend has definitely been accelerating," said John Pescatore, an analyst at Gartner Inc. It has become "harder for criminals to do the more traditional kind of phishing attacks."
He noted that hackers have been aided by "the growth in social networking sites and blogs, where security is just not one of the ingredients. Hackers are saying, 'It's easier to put our malware on these sites than to build our own.'"
Pescatore said the growth of Web 2.0 technologies and mashups "may make this even worse. If I can trick you into mashing up stuff from my sites on yours, then I can put malicious code in your mashups."
He suggested that users install what Gartner calls "Web security gateways," the URL-blocking tools available from security companies. "We're also telling them to turn on the inbound Web filtering that detects malicious code," Pescatore added.
An example of such hacks occurred about a year ago, when the Web sites of the Miami Dolphins football team and Dolphin Stadium, site of the 2007 Super Bowl, were hacked to serve malicious JavaScript code that tried to load a Trojan horse onto unpatched PCs that visited the sites.
Read more about security in Computerworld's Security Knowledge Center.
websense
Additional Resources
Microsoft
Review how one energy firm tightened protection and simplified IT work using business-ready security solutions.
Sybase
In this white paper, IDC analyzes the role of next-generation mobile enterprise platforms as organizations seek a more strategic deployment of mobile solutions.
Learn the important issues you must consider before starting your next mobility initiative. Get your mobility white paper from IDC now, compliments of Sybase.
Learn the important issues you must consider before starting your next mobility initiative. Get your mobility white paper from IDC now, compliments of Sybase.
White Papers & Webcasts
Death to PST Files
Download Now
The Tangled Web: Silent Threats & Invisible Enemies
Download Now
Tape Killed the IT Guy
Watch Now
Forrester Consulting Mobility Study: Taking Control of Enterprise Mobile Device Diversity
Download Now
BRM: What You Can Do To Reduce Risk In Challenging Times
Watch this webcast now!
What IT Must Do to Support Employee-Owned BlackBerry, iPhone and Android Mobile Devices
Download Now
Web 2.0, Social Media and the Dark Web - A Web Criminals Paradise?
In this discussion, learn about the challenges of protecting your users from the potentially unsafe content hidden in the "Dark Web".
eGuide: Enterprise Security
Smart Security Strategies for 2010. Read now!
Disaster Recovery 2008: Reduced Costs and Improved Performance
How long can your Enterprise afford to be without your data? With an accelerated disaster recovery program, you never have to answer this...
Computerworld Reports
Sign up to receive updates on the latest Security resources
