March 26, 2008Yay! SophosLabs Asking the Right Questions
A SophosLabs blog entry reveals startling statistics about the quantity of potentially deadly web pages that host malware installers of one type or another. They claim that their scans unearth a newly infected page every 14 seconds.
Quick, tell me how many different web pages you visit in a typical 24-hour period. I don't think I could give you an accurate count of my activity, but I'd wager that a web-enabled individual visits a couple hundred pages a day. Given that the web encourages you to have the attention span of a gnat on crack, the average number is certainly much higher for younger folk who believe they have the mental agility to hypertask.
According to SophosLabs, if you visit a couple hundred pages a day, it is likely that at least one of those pages will host malware that is dangerous enough for Sophos security software to block. Since Justin or Tiffany in their family home bedrooms don't access the Internet through Sophos security software, their unpatched PCs are just begging to be taken over—even if they are visiting normally trusted sites for homework.
The big, as-yet unanswered question, however, is through what means the Bad Guys are luring potential victims to compromised web pages, especially those set up intentionally to screw visiting PCs. From the blog:
How are users getting to these sites? Via search engine results or directed to them by spam? Where are the sites? Are they newly infected sites or sites that have been around for a long time?
SophosLabs promises to use its research resources to investigate those questions. I hope they go even further if one of the answers is that spam contributes to visits. I'd like to know what it is about the spam that lures victims. Sophos captures a lot of spam, so perhaps they can correlate spamvertised links against infected page URLs. Get those wise computers a-crunchin'.Posted on March 26, 2008 at 11:33 AM