Online criminals are waging a highly sophisticated war by exploiting vulnerabilities in end users Web browsers using drive-by downloads.
“Google Anti-Malware Team has indicated that more than three million unique URLs on over 180,000 websites were victimized by automatically installed malware. IBM has reported that criminals are now turning their attention to directly attacking Web browsers in order to steal identities, gain access to online accounts and other illicit revenue-generating activities," said Yuval Ben-Itzhak, CTO with Finjan.
"As reported in our third and fourth quarter trend reports of 2006 as well as our 2007and 2008 trend reports, our research teams already identified at that time the trend that more and more criminal elements of hackerdom were using these techniques with a great success," he added.
Google’s team also reported that on average 2% of malicious websites were delivering malware via advertising.
According to Ben-Itzhak, Internet users - both business users and individuals - should use additional security technologies that can identify malware by its intended behaviour – in other words: what it does.
Solely relying on signatures that only scan what Web content looks like, or on URL filtering that checks where Web content came from, is risky.