IBM: No Such Thing as a Safe Browsing Environment

• By Dian Schaffhauser
• 08/28/09

Malicious content on trusted sites is dramatically increasing, according to new research from IBM. The company recently released results from its X-Force 2009 Mid-Year Trend and Risk Report, which shows an unprecedented state of Web insecurity.

Five times as many malicious Web links have been discovered in the first half of 2009 as in the previous period studied. This problem is no longer limited to malicious domains or untrusted sites. The report notes an increase in the presence of malicious content on trusted sites, including search engines, blogs, bulletin boards, personal Web sites, online magazines, and consumer news sites. The ability to gain access and manipulate data remains the primary consequence of vulnerability exploitations.

IBM also reports that the level of veiled Web exploits, especially PDF files, are at an all-time high, pointing to increased sophistication of attackers. PDF vulnerabilities disclosed in the first half of 2009 surpassed disclosures from all of 2008. From the first quarter to the second quarter, the amount of suspicious, obfuscated, or concealed content monitored by the IBM Internet Security Systems (ISS) Managed Security Services team nearly doubled.

"The trends highlighted by the report seem to indicate that the Internet has finally taken on the characteristics of the Wild West, where no one is to be trusted," said X-Force Director Kris Lamb. "There is no such thing as safe browsing today and it is no longer the case that only the red light district sites are responsible for malware. We've reached a tipping point where every Web site should be viewed as suspicious and every user is at risk. The threat convergence of the Web ecosystem is creating a perfect storm of criminal activity."

IBM's research found a significant rise in Web application attacks with the intent to steal and manipulate data and take command and control of infected computers. For example, SQL injection attacks--attacks where criminals inject malicious code into legitimate Web sites, usually for the purpose of infecting visitors' computers--ramped up 50 percent from the last quarter of 2008 to the first quarter of 2009, then nearly doubled from Q1 to Q2 this year.

"The trends seem to reveal a fundamental security weakness in the Web ecosystem, where interoperability between browsers, plug-ins, content, and server applications dramatically increase the complexity and risk. Criminals are taking advantage of the fact that there is no such thing as a safe browsing environment and are leveraging insecure Web applications to target legitimate Web site users."

The research also reported that:

• Trojans dominate. In the first half of 2009, Trojans comprised 55 percent of all new malware. Information-stealing Trojans are the most prevalent malware category.
• Phishing is down. Analysts believe that banking Trojans are taking the place of phishing attacks geared toward financial targets.
• Vendors are behind in supplying patches. Nearly half of vulnerabilities disclosed in the first half of this year had no vendor-supplied patch at the end of the period.

The 90-page report is available online with a registration.