Follow Slashdot blog updates by subscribing to our blog RSS feed

 


Forgot your password?
Close
typodupeerror
×
Security

2M New Websites a Year Compromised To Serve Malware 72

Posted by kdawson from the wave-upon-wave dept.
SkiifGeek writes "Sophos claims that they are detecting 6,000 new sites daily that have been compromised to serve malware to unsuspecting site visitors, with 80% of site owners not aware that they have been compromised — though this figure is probably on the low side. With increasingly vocal arguments being put forward by security experts criticizing the performance and capability of site validation tools (though many of these experts offer their own tools and services for similar capabilities), and rising levels of blended attacks, perhaps it is time you reviewed the security of your site and what might be hiding in infrequently used directories."
This discussion has been archived. No new comments can be posted.

2M New Websites a Year Compromised To Serve Malware More

2M New Websites a Year Compromised To Serve Malware

Comments Filter:

  • How to Check a LAMP Server? (Score:4, Interesting)

    by MankyD ( 567984 ) on Friday January 25, 2008 @10:39AM (#22181118) Homepage
    Everytime I read about a new form of server malware, I try to check a LAMP server that I run. So far I've come up clean but I've hardly done a full inspection. Anyone know of a good way to scan a set up? Sophos says that they are detecting thousands of new sites - how are they scanning them?

  • Hmm, time to improve the common tools (Score:4, Interesting)

    by davidwr ( 791652 ) on Friday January 25, 2008 @10:43AM (#22181160) Homepage Journal
    Perhaps the time has come to harden the "common stacks" so certain switches are off.

    For example, once you set up your web site, "lock it" so if there are any changes to files or directories that shouldn't change, the site will break in a non-harmful way rather than be compromised.

    If and when these files need updating, the "unlock" process should be done using a tool independent of the main web-server process, perhaps by using a different web-server process running on a different port or even a process on a different computer that validates the request then passes it on to the main web server.

  • virtualized rootkits (Score:3, Interesting)

    by Speare ( 84249 ) on Friday January 25, 2008 @10:50AM (#22181252) Homepage Journal
    Okay, say someone's site is served by an ISP. The ISP gives the site owner a shell account and manages the LAMP infrastructure. The shell account is likely a virtualized instance, meant to limit the damage that each little site can do to the hosted infrastructure, not to limit the damage that the host does to little sites or their visitors. How can the site owner "check their own site" in such a case? Virtualization itself is a sort of rootkit conceptually, so how can the virtualized account check for malicious rootkits in its own instance or in the greater infrastructure?

  • 6000 sites? (Score:1, Interesting)

    by Anonymous Coward on Friday January 25, 2008 @10:54AM (#22181288)
    TFA says 6000 infected webpages. Could be a big difference, but TFA doesn't elaborate.

  • what does this look like from the client? (Score:4, Interesting)

    by oni ( 41625 ) on Friday January 25, 2008 @11:02AM (#22181410) Homepage
    If I run FF and keep it patched, am I safe? If I did get compromised, what would the symptoms be?

    I tend to think that keeping my OS patched keeps me pretty safe, but there's always a delay after a new vulnerability is discovered before the patches come out (the zero day) and what concerns me is that if someone has a very large network of compromised web servers, they can roll out a zero day vulnerability to all of them and do a lot of damage.

    As to symptoms, I think spyware used to be the big problem, and infected computers would have popups and such. But now I think that infected machines will be used primarily to send spam. Is that correct?

  • What I wanna know is ... (Score:3, Interesting)

    by jc42 ( 318812 ) on Friday January 25, 2008 @11:34AM (#22181798) Homepage Journal
    When do we get a FOSS runtime library for using this valuable public resource?

    Imagine all the useful things we could do for the world if we all had access to this distributed computing power.

  • 80% (Score:1, Interesting)

    by Anonymous Coward on Friday January 25, 2008 @11:55AM (#22182062)

    with 80% of site owners not aware that they have been compromised

    Wait. So 20% of site owners know their site has been comprimised and they haven't done anything about it and are still serving up malware? Sounds to me like someones making up statistics.

  • Yes... (Score:3, Interesting)

    by SigmundFloyd ( 994648 ) on Friday January 25, 2008 @12:00PM (#22182126)

    Sophos claims that they are detecting 6,000 new sites daily that have been compromised to serve malware
    ...but do they run Linux?

  • Vendor FUD or Real? (Score:4, Interesting)

    by a-zarkon! ( 1030790 ) on Friday January 25, 2008 @01:46PM (#22183860)
    I for one would like some description of how they're detecting these 6000 new sites per day. Also, what are they considering a website? Do they include bot systems that configured to listen on port 80 as part of the worm propagation and command/control? That's not really a website in my opinion, but it may be in theirs. It would be great if they published a list of the 42000 new websites they have discovered over the past 7 days, you know just to back up their claim. Wouldn't hurt to notify the owners of those sites that they've got a problem.

    Absent more detail, I am calling shenanigans on this statistic, Sophos, and the Register. I am soooo sick of the FUD.

    Harumph!

Slashdot Top Deals

To do nothing is to be nothing.

Close