New report reveals web malware on infected sites remains active longer Tuesday 1 April 2008 PDF Print Amanda Hassall Six Degrees Limited Tel: +44 (0)1628 480280/+44 (0)7855 359889 Skype name: MandyHass Compromised Websites hosting zero-day malware remain live 61 days, leaving many people vulnerable LONDON March 31, 2008 — ScanSafe, leading provider of Web security-as-a-service, has released the results of a study of the more than 80 billion Web requests it scanned and 800 million Web threats it blocked in 2007 on behalf of corporate customers in more than 50 countries across five continents. It represents the world’s largest security analysis of real-world corporate Web traffic. Among the study’s key findings, Web threats, including viruses, Trojans, password stealers and other forms of malware are becoming more prevalent; increasing numbers of legitimate sites are unknowingly hosting malware; and compromised sites are remaining infected longer — in some cases more than two months. “The numbers speak for themselves,” says Mary Landesman, senior security researcher, ScanSafe. “Not only has there been a significant increase in known malware, but on average, zero-day or ‘new’ threats accounted for 21 per cent of all the malware ScanSafe blocked. Further, this malware is remaining active on sites for weeks and in some cases months, leaving users exposed and representing a huge window of opportunity for cyber criminals.” Malware on the Web up 61 per cent and Zero-day threats account for 21 per cent of all web malware ScanSafe’s analysis found a 61 per cent increase in malware during the second half of 2007. Twenty-one per cent of all the malware blocked by ScanSafe in 2007 was zero-day malware — new malware for which there is no existing patch or anti-virus signature — leaving businesses relying on signature updates vulnerable to exposure. The most frequently encountered malware is designed to steal passwords and other sensitive financial information from bank accounts and even online games —putting corporate and personal financial information at greater risk and opening businesses to legal liability and compliance risks. In particular, the most frequently blocked final stage malware were password-stealing Trojans targeting online gamers. Online gaming while at work, once thought to be just a productivity drain, is now a significant security risk. Quite often, game-targeting Trojans also harbour a backdoor or key logging feature that exposes other sensitive data unrelated to gaming. Malware-infected websites remain live longer, increasing risk of exposure to attack There has been a significant increase in the amount of time a site is delivering malware (also known as 'time to life’ or ‘TTL’): • In the second half of 2007, malware on infected sites remained live for an average of 29 days, a 62 per cent increase from 18 days during the first half of the year. • Zero-day threats have an even a longer shelf life once they compromise a website. Websites infected with zero-day malware remained live an average of 61 days in the second half of 2007 up 190 per cent from 21 days during the first half of 2007. • The average TTL for all malware blocks over the course of the year was 24 days. The report also notes that the complex network of advertising providers and advertising affiliates has made it increasingly easier for attackers to surreptitiously insert malicious advertising. One rogue partner and a large number of sites can begin delivering malware, potentially exposing millions. In 2007 several high profile sports sites unwittingly served malicious ads, including the websites for TheSun.co.uk, MySpace.com and PhotoBucket.com. A full copy of the report is available on the ScanSafe web site www.scansafe.com. About ScanSafe ScanSafe is the largest global provider of Web Security-as-a-Service, ensuring a safe and productive Internet environment for businesses. ScanSafe solutions keep viruses and spyware off corporate networks and allow businesses to control and secure the use of the Web and instant messaging. As a fully managed service, ScanSafe's solutions require no hardware, upfront capital costs or maintenance and provide unparalleled real-time threat protection. Powered by its proactive, multilayered Outbreak Intelligence TM threat detection technology, ScanSafe scans more than 8 billion Web requests and blocks 80 million threats each month for customers in over 50 countries. With offices in London and San Mateo, California, ScanSafe is privately owned and financed by Benchmark Capital and Scale Venture Partners. The company received a 2007 CODiE award for Best Software as a Service Solution, the 2007 SC Magazine Europe Award for Best Content Security Solution and was named one of Red Herring’s Top 100 Technology companies. For more information, visit www.scansafe.com. ### This press release was distributed by ResponseSource Press Release Wire on behalf of Six Degrees Limited in the following categories: Consumer Technology, Business & Finance, Computing & Telecoms, for more information visit http://pressreleasewire.responsesource.com/about.