This site uses cookies. By continuing to browse this site you are agreeing to our use of cookies. Find out more.X

Malware became more prominent on user-generated content websites and social networking platforms in 2010

Share this article:

Malware has moved from the dark corner of the internet to more popular areas, such as online storage and open/mixed content sources.

Blue Coat Systems' 2011 web security report, which examines web behaviour and the malware to which users are most frequently exposed, found that malware hides in acceptable web categories. The number of new online storage sites hosting malware increased by 13 per cent, while the number of new open/mixed content sites hosting malware increased by 29 per cent.

Dave Ewart, director of product marketing for Blue Coat, told SC Magazine that both of these categories typically fall within acceptable use policies for most companies, which could cause a problem when trying to avoid infection.

“If you asked some older users of the internet where you get viruses from they would say it is from pornography sites or online gambling and pornography is still popular as the area is dark and dangerous, but it is shocking that online storage went up by 13 per cent in a year, while open/mixed content mash-up sites went up by 29 per cent,” he said.

“Those websites typically do not get detected on a reputation-based system and user based reputation-based technology on a traditional system does not cut it anymore. This calls into question anyone who relies on reputation-based filtering and one of the technologies we offer is to scan in real-time to create a report on what is going on.”

The report, which analysed web requests from the Blue Coat WebPulse service, which rates nearly three billion requests in real-time on a weekly basis, also found that social networking sites are becoming more of a malware vector.

With social network phishing and click-jacking attacks two of the most common types of attacks on the likes of Facebook and Twitter thoughout 2010, the report said that the shift of phishing attacks to social networks is particularly driven by the attempt to obtain user credentials that can also provide access to banking, financial and other online accounts that use shared passwords.

Ewart said: “Social networking is now the second most requested category of website and we are also seeing that webmail applications are really suffering. It is obvious that traditional communications are falling as ‘generation Y' prefer to talk using Facebook.” 

Steve Daheb, chief marketing officer and senior vice president at Blue Coat, said: “Today, dynamic web links are the most powerful tool cyber crime has and static web ratings that require update cycles are too slow when the bad guys can harvest users within minutes.”

Share this article:

SC webcasts on demand

This is how to secure data in the cloud


Exclusive video webcast & Q&A sponsored by Vormetric


As enterprises look to take advantage of the cloud, they need to understand the importance of safeguarding their confidential and sensitive data in cloud environments. With the appropriate security safeguards, such as fine-grained access policies, a move to the cloud is as, or more, secure than an on-premise data storage.


View the webcast here to find out more

More in News

China refutes new FBI hacking claims

China refutes new FBI hacking claims

It's been another week of claims and counterclaims as the US and Chinese governments accuse each other of deviant cyber security practices.

SC Exclusive: Bank of England to appoint new CISO in January

SC Exclusive: Bank of England to appoint new ...

Bank of England Chief Information Security Officer (CISO) Don Randall is to leave his post in the New Year to take up an unspecified supervisory role, with William Brandon set ...

Sandworm vulnerability seen targeting SCADA-based systems

Sandworm vulnerability seen targeting SCADA-based systems

Hard on the heels of the `Sandworm' spy group revealed by iSIGHT Partners earlier in the week, Trend Micro says its has spotted the zero-day vulnerability of the same name ...