News Banner

Vendor News Page

Symantec report reveals malicious attacks focused toward

trusted web sites

2008-04-09 14:17:20

The latest Internet Security Threat Report (ISTR), Volume XIII released by Symantec Corp. concludes that the Web is now the primary conduit of attack activity, as opposed to network attacks, and that online users can increasingly be infected simply by visiting everyday Web sites. In the past, users had to visit intentionally malicious sites or click on malicious email attachments to become a victim of a security threat.

Today, hackers are compromising legitimate Web sites and using them as a distribution medium to attack home and enterprise computers. Symantec noticed that attackers are particularly targeting sites that are likely to be trusted by end users, such as social networking sites.

Attackers are leveraging site-specific vulnerabilities that can then be used as a means for launching other attacks. During the last six months of 2007, there were 11,253 site specificcross-site scripting vulnerabilities reported on the Internet; these represent vulnerabilities in individual Web sites. Phishing also continues to be a problem. In the last six months of 2007, Symantec observed 87,963 phishing hosts – computers that can host one or more phishing Web sites. This is an increase of 167 percent from the first half of 2007. Eighty percent of brands targeted by phishing attacks during the study period were in the financial sector.