Bad Links Ballons...
October 2007
In a report published today, U.K.-based MessageLabs Ltd. said that 35 percent of the e-mail threats it now detects use embedded links to infect computers instead of the more traditional file attachments. In the March-June time frame, that figure was 20.2 percent, said the company. And in the opening quarter of 2007, a mere 3.3 percent of the intercepted threats carried links. The links, said a MessageLabs senior security analyst, lead unwary users directly to malware downloads or, increasingly, to purposefully-crafted sites that support maliciousjava_script code. “The volume of attacks using attachments has diminished over the last 18 months, while the number using links has shown a massive increase,” he said. MessageLabs’ data corroborates recent analyses by other security vendors, which have all noted the rapid increase in Web-based attacks – often from legitimate sites that have been compromised by criminals. Such trusted sites make perfect lures for drawing in users, whose browsers are then typically attacked through one or more unpatched vulnerabilities, allowing rogue code – often spyware or a Trojan horse that hijacks the PC to add it to a growing botnet – to be installed. “The bad guys know that most people have learned not to open attachments,” said the MessageLabs specialist. “E-mail is still the preferred attacker vehicle for getting their ‘message’ across, but now they're using links. They know people still follow links.”
In a report published today, U.K.-based MessageLabs Ltd. said that 35 percent of the e-mail threats it now detects use embedded links to infect computers instead of the more traditional file attachments. In the March-June time frame, that figure was 20.2 percent, said the company. And in the opening quarter of 2007, a mere 3.3 percent of the intercepted threats carried links. The links, said a MessageLabs senior security analyst, lead unwary users directly to malware downloads or, increasingly, to purposefully-crafted sites that support maliciousjava_script code. “The volume of attacks using attachments has diminished over the last 18 months, while the number using links has shown a massive increase,” he said. MessageLabs’ data corroborates recent analyses by other security vendors, which have all noted the rapid increase in Web-based attacks – often from legitimate sites that have been compromised by criminals. Such trusted sites make perfect lures for drawing in users, whose browsers are then typically attacked through one or more unpatched vulnerabilities, allowing rogue code – often spyware or a Trojan horse that hijacks the PC to add it to a growing botnet – to be installed. “The bad guys know that most people have learned not to open attachments,” said the MessageLabs specialist. “E-mail is still the preferred attacker vehicle for getting their ‘message’ across, but now they're using links. They know people still follow links.”
posted by arkietechs at 8:56 AM
0 Comments:
Post a Comment
<< Home