- What does Cisco have against Quebec?
- Attrition.org nails another nitwit
- Diary of a deliberately spammed housewife
- Seven cloud-computing security risks
- 20 great Windows open source projects
News | Newsletters | Podcasts | Chats | Opinions | RSS Feeds | This Week In Print | IT Careers | Community | Reports | Downloads | Slideshows | New Data Center
Partner Sites:App Performance | On Demand Security | Networking Solution | SOA | Value of WDS
The percentage of threats arriving in e-mail that rely on links to malicious sites -- rather than arriving as a file attachment -- has ballooned 10-fold since the first quarter of the year, a security company said today.
In a report published Thursday, U.K.-based MessageLabs said that 35% of the e-mail threats it now detects use embedded links to infect computers instead of the more traditional file attachments. In the March-June time frame, that figure was 20.2%, said the company. And in the opening quarter of 2007, a mere 3.3% of the intercepted threats carried links.
The links, said Paul Wood, a MessageLabs senior security analyst, lead unwary users directly to malware downloads, or increasingly, to purposefully-crafted sites that sport malicious JavaScript. "The volume of attacks using attachments has diminished over the last 18 months," said Wood, "while the number using links has shown a massive increase."
MessageLabs' data jibes with recent analyses by other security vendors, which have all noted the rapid increase in Web-based attacks -- often from legitimate sites that have been compromised by criminals. Such trusted sites make perfect lures for drawing in users, whose browsers are then typically attacked through one or more unpatched vulnerabilities, allowing rogue code -- often spyware or a Trojan horse that hijacks the PC to add it to a growing botnet -- to be installed.
"The bad guys know that most people have learned not to open attachments," said Wood. "E-mail is still the preferred attacker vehicle for getting their 'message' across, but now they're using links. They know people still follow links."
Rss FeedRss Feed
IBM spent all that money on a mass rollout of PGP Whole Disk Encryption, just when its discovered that...- Anonymous
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com | The Industry Standard | IDG List Services | IDG TechNetwork |
 |
Copyright © 1994-2008 Network World, Inc. All rights reserved. |
Comment