Business Daily from THE HINDU group of publications
Friday, Apr 04, 2008
Malware authors change tack, spread virus via Web

R. Savitha

Pune, April 3

By the end of 2008, the number of viruses and Trojans will pass about a million. This is the finding of F-Secure Corporation, which has reported that, on average, about 25,000 malware samples are received every day. It also points out that while more viruses are being created than before, people often report seeing fewer of them.

One reason is that malware authors are once again changing the tactics they use to infect computers. A year or two ago, most malware was spread via e-mail attachments, resulting in mass outbreaks such as Bagle, Mydoom and Warezov. Nowadays sending .EXE attachments in e-mail doesn’t work so well, as almost every organisation filters such risky attachments out of its e-mail traffic.

The new preferred way is drive-by downloads on the Web. These attacks often start with an e-mail spam run, but the attachment in the e-mail has been replaced by a Web link that leads to the malicious Web site. So instead of infection over SMTP, infection is over HTTP.

Companies often measure their risk of getting infected by looking at the number of attachments stopped at their e-mail gateway. Those numbers are definitely going down, but the actual risk of getting infected probably isn’t. Individuals and companies should scan their Web traffic for malware, as well as filter their FTP traffic.

“In parallel to the switch from SMTP to HTTP as a way of spreading malware, we are now also seeing more and more malicious e-mails that link to malware via FTP links.”

A common approach is to launch an e-mail spam campaign containing messages that urge the recipient to click on a link. Messages like “There is a video of you on YouTube”, or “You have received a greeting card”, or “Thank you for your order” have been popular baits.

Another is to create many Web pages with thousands of different keywords, which are indexed by Google, and then wait for people to visit these sites. So when someone searches for something innocuous such as "knitting mittens" (as a random example) and clicks on a search result that looks just like all the others, the computer gets infected.

The third method involves hacking into existing high-profile, high-traffic Web sites. The attackers simply insert a line of JavaScript on the front page, which uses an exploit to infect the machine. Everything works and looks as normal.

F-Secure noted that the MBR rootkit known as Mebroot is probably the stealthiest recent malware distributed by drive-by downloads.
Copyright © 2008, The
Hindu Business Line. Republication or redissemination of the contents of
this screen are expressly prohibited without the written consent of
The Hindu Business Line