Companies need to scan their websites for malicious code in the same way that they scan email.
In its 2009 Security Threat Report, Sophos has blamed the USA for a deluge of internet attacks over the past year. It claims that more malware is hosted on American websites and more spam is relayed from American computers than any other country.
Graham Cluley, senior technology consultant for Sophos, said: “Not only is the USA relaying the most spam because too many of its computers have been compromised and are under the control of hackers, but it's also carrying the most malicious web pages.
“We would like to see the States making less of an impact on the charts in the coming year. American computers, whether knowingly or not, are making a disturbingly large contribution to the problems of viruses and spam affecting all of us today.”
Cluley further claimed that businesses need to get themselves in order, as they are publishing data and any website can now be exploited. Its research shows that there is 19,000 newly infected websites every day, equal to an infection every four and a half seconds, which is three times faster than in 2007.
Cluley said: “The problem is that before people would be wary of any suspicious sites, such as pornography or gambling, but now anything can infect you, so what do we tell the users? The only way is to scan web access just like you scan emails, and ensure that the HTML code and scripts are clean of injections. You can't rely on a web filter list of known bad websites to keep yourself safe.”
Sophos is also expecting hackers to begin creating spam attachment files that are disguised as .doc and PDF files, rather than the typical .exe documents. Cluley claimed that this is because hackers do not feel that this sort of thing will be picked up by people, and as they are files that are used regularly they are easy to send and utilise.
Cluley said: “Hackers are looking for common programs that are used regularly. You have to keep your Adobe reader and Office up-to-date as hackers are looking for new vulnerabilities in these platforms.”