Security firm Dasient has compiled some interesting numbers regarding the slums of the internet, in particular the number of pages hosting malware. Combined with numbers released earlier this year by Microsoft and Google, they lead to a disturbing and messy forecast.
According to the study, an estimated 5.8 million pages within 640,000 websites were infected with code designed to infect visitors’ computers with malware. Microsoft released numbers back in April regarding this same statistic, claiming only 3 million pages were infected. In approximately 6 to 7 months, the internet garbage pile has close to doubled. During a similar period, Google doubled its blocked site metric to just under 350,000.
The cleaning process isn’t easy because sites are getting re-infected just as quickly as they are getting cleaned. In fact, 39.6 percent of compromised sites have been compromised in the past and were cleaned up.
Old versions of common programs such as Adobe Flash and Acrobat provide easy targets for exploiting large numbers of clients all at once. "Hackers are starting to see some success from these attacks and whenever they see success, they continue to invest more," said Ameet Ranadive, co-founder of Dasient.
New research by Trend Micro suggests that some malware infections hang around for as long as two years in some circumstances. This new data refutes previous estimates that the infection limit was approximately six weeks. Their research consisted of the analysis of over 100 million compromised IPs, where they found that four out of five machines remain infected for longer than a month.
They concluded that if machines were not disinfected quickly, those infections would linger until the machines were disconnected altogether, speculating that replacement would be the eventual solution.
After further investigation into network botnets, Trend Micro was also able to pinpoint that the majority of identity-theft reports traced back to three agent strains: Koobface, Zeus/Zbot and Ilomo/Clampi. In particular, the hysterically named Koobface botnet updated its infrastructure to use proxies and relays, making it nearly impossible to eradicate.
Be warned: a cabal of Russian cyber criminals is on the loose and actively pillaging vast expanses of the internet. The gang slyly assumes the administrative responsibilities of large corporate and government networks and then quickly plants malicious tools on thousands of computers in that network. Security analysts reckon this to be the most well-coordinated, systematic use of administrative tools for malicious purposes.
The group’s activities came to light when Joe Stewart of Atlanta-based computer security firm SecureWorks found that a central program belonging to the Russian bandits was running at a Wisconsin-based Internet hosting facility. He estimated that 100,000 computers had been compromised. He promptly notified a federal law enforcement agency, which proceeded to shut down the central program. But the gang, unfazed, quickly relocated the tool to a network in Ukraine.