While users are concerned about the threat posed by rogue anti-virus, claims have been made that thousands of websites are infected by a backdoor code.
Carl Leonard, Websense security labs manager, told SC Magazine that its Threatseeker Network was seeing more blended threats and SEO poisoning threats are changing not daily, but hourly. He said: “It is a sign of the times that everyone is interested in news and if an anti-virus alert pops up people think ‘why are they targeting me?' The only way to protect is through real-time analytics.”
He commented that with social engineering attacks, web-based exploits are becoming much more advanced and it was seeing more disguised code and obfuscated algorhythms. Among these is a threat that has hit ‘thousands of websites', infecting them with code with a purpose not to be visible so that the ‘rogue code' can be injected into websites.
Leonard said that this code was different from rogue anti-virus, as a user knows when they are being infected, but this code was executed from websites and it was not obvious to the user that they were being infected.
He said: “This will open a backdoor on the machine and the computer will slow down as the attacker will be able to slip malware on to it. So you need technology to stop things leaving, and that is where data loss prevention comes in.”
He further explained that users can be hit by code that is not meant to be on a website, for example with malvertising, but it was not as simple as a pop-up.