ZDNet UK

• CNET NETWORKS UK BUSINESS SITES:
• atlarge.com
• BNET UK
• silicon.com
• SmartPlanet.com
• ZDNet.co.uk

Be alert to booby-trapped web pages

• Tags:
• Threat,
• Malicious,
• Activity,
• Definition

Joris Evers CNET News.com

Published: 30 Jul 2007 15:37 BST

• 
• 
• 
• 
• 

What a world. First worms and viruses, then phishing schemes. Now, cautions Trend Micro chief technology officer Raimund Genes, your online life may be about to get much hairier.

Welcome to the brave new world of booby-trapped web pages. If Trend Micro's predictions hold up, more cyberattacks will originate from the web than they do from email.

That shift is expected to take place sometime next year, according to Genes.

Q: At the Gartner IT conference earlier this year, you talked about how web threats are going to outdo or surpass email threats. Can you flesh that out a bit? What do you mean by a web threat?
A: Yes. A web threat is something that uses the internet to execute malicious activity. So, for example, even something that arrives via email, if it can't survive without additional downloads from the internet, it still constitutes a web threat. It might be an email containing a URL, but all the rest works via the internet.

If an email contains the URL, does it qualify as a web threat or is it still an email threat, according to your definition?
It's a web threat because everything that needs the internet to execute a malicious activity is a web threat. What we are also seeing among enterprise users, with pretty tight security on email, is that the main infection vector is actually over the web. They do a good job in email filtering, but a bad or no job at all when it comes to web filtering.

Is that the only reason web threats are becoming bigger?
No, it's also because it's more attractive for the bad guys. If webmasters are careless, then you have a perfect infection scene. You have a silent killer and you don't have the email evidence to trace it back to the initial infection scene. It's perfect for espionage and all kinds of stuff.

Are these web threats targeted at a particular audience or are they pretty much trying to get whoever they can get?
Overall, they try to get anyone they can because it's mainly to plant a bot or to hijack a computer. Let's face it: everybody is a consumer somehow — especially the enterprise users who use a notebook at home.

How do you defend yourself?
You could outsource email security. But with web security, it's more difficult. You're talking about massive investments from the hosting sites to do this at an acceptable speed via an external proxy. I haven't seen this model really working. There are some start-ups offering this, but I wonder how much money they lose every month.

What can consumers do to guard or protect themselves?
They could do a lot. They regularly have to patch the operating system and the browser. And they should use alternative browsers. They shouldn't use widespread browsers like Internet Explorer. This doesn't mean that Firefox does not have vulnerabilities, but most of the web threats we are seeing are connected to having Internet Explorer. By moving to an alternative browser, you already do a kind of risk mitigation.

You're not saying the solution is to install some kind of security software?
No. Of course installing security is, for me, baseline. It's like patching an operating system. But look: we could come out and say we will be able to protect all our users. But we never will be able to offer 100 percent protection. Nobody can.

What happens with typical web threats? What do these things do to your computer or what do they attempt to do?
They attempt to convert your computer into a bot. It could be a spambot or it could be a distributed denial-of-service attack bot. It could be a key logger, an information stealer. It tries to use your computer power.

Most of the bots we see are really to create spam on the infected machines. They also attempt to use them for distributed denial-of-service attacks, to hold people ransom and to attack them with a lot of computers. The third thing they try is, of course, to function as an information stealer. It is trained to recognise the format of your credit card while you type in the number or while you do your online purchases. It will look for certain keywords and documents.

You talked about using a different browser or using a virtual machine. Should corporations do the same things or are there different things you recommend?
No. Based on user behaviour this will just be difficult to enforce. And of course, there's a loss of productivity. Some companies are pretty radical about what they're using... and they strictly define what is allowed within a corporate environment. For instance, whether (instant messaging) is allowed or if peer-to-peer networking is allowed.

In a corporate environment this could be company-threatening. Maybe the malware hasn't been targeted to actually attack the company. But guess what happens when the attacker sees a lot of documents or a lot of stuff that's confidential? He will try to sell it.

What's the breakdown between email threats versus the web threat definition?
There is an increase in web threats compared with normal worms... the number of worms has increased by 22 percent since first-quarter 2005, while web threats have increased by 540 percent.

Would you call this a new era of threats, or is there no such big word needed to describe web threats?
I wouldn't call it a new era, it's just logical. Nowadays, the bad guys try to make money out of it. To make money they have to control something as long as possible. And they have to update it because the bot, after a certain amount of activity, gets outdated in about a week.

• 
• 
• 
• 

• Share this article:
• 
• 
• 
• 
•