The volume of malware has grown dramatically during the first three months of 2007 with the web being used increasingly to distribute the code, according to a new internet security report.

According to a study from Sophos, an antivirus and anti-spam company, researchers discovered 23,864 new threats in the first three months of 2007, more than double the 9,450 found in the same period last year.

The company said this growth was spurred by a new movement to place malicious programs on websites rather than send them through e-mail attachments. The percentage of infected email dropped from 1.3 per cent, or one in 77 emails, in the first three months of 2006, to one in 256, or just 0.4 per cent, in 2007.

“With computer users becoming increasingly aware of how to protect against email-aware viruses and malware, hackers have turned to the web as their preferred vector of attack,” said the report.

Not all of the infected websites were created by the hackers themselves. Infact, seventy percent of the infected web pages were bonafide websites that had been hacked into because they had not been sufficiently protected.

“It’s shocking that such a high percentage of web sites are vulnerable to hackers – this is definitely a big concern,” O’Brien said. “Web site owners need to step up to bat, put more emphasis on safeguarding their sites, and if needed, allocate more resources to ensure that the proper security is in place.”

“By targeting a whole range of internet pages, hackers are successfully infecting a larger number of unwary surfers. Any ill-maintained website can fall victim,” said Carole Theriault, senior security consultant at Sophos.

Sophos said that it was able to identify an average of 5,000 newly infected Web sites each day, and said that China has become the leading host of malware-hosting URLs, accounting for 41 percent of all online attacks.

The top ten countries hosting web-based malware in Q1 2007 were as follows:

1. China (41.1%)
2. United States (29.2%)
3. Russia (4.6%)
4. Germany (4.6%)
5. Ukraine (3.9%)
6. United Kingdom (3.0%)
7. France (2.2%)
8. Netherlands (1.9%)
9. South Korea(1.3%)
10. Taiwan(1.0%)

“We’re now seeing a rapid rise in the number of active cybercriminal groups in China looking to profit from exploits,” Roger Thompson,  co-founder of ANI Exploit said. “The technical sophistication of Chinese exploit code is easily on a par with code coming out of the U.S. and Russia.” There’s a global shift that is taking place with China becoming a center for suspicious activity, he added.

Related:

Entry was posted on Thursday, April 26th, 2007 at 11:18 pm under Security, Technology.

Read more entries by Ruben Francia.
Stumble It!