Think before you click

While spam containing compromising programs has declined steeply, e-mail containing links to malicious sites is rising, writes Karlin Lillington

THE E-MAILS promise a slew of interesting and urgent stories: "McCain declares Obama a fraud, liar"; "Hamilton fined for speeding in France"; "Woman chokes after swallowing Tiffany diamond"; "Huge oil spill off California coastline".

But the links in such provocative e-mails take the unsuspecting to malicious websites that will try to get bank account or credit card details or - increasingly - have embedded malicious code that accesses the user's computer via their web browser.

"It is common for cybercriminals to spam out links to compromised websites, often using a subject line and message to tempt computer users into clicking through the promise of a breaking news story or a lewd topic," notes security company Sophos in its latest bi-annual Security Threat Report for the first half of 2008.

Such e-mails are the latest trend in spam, with plenty of this type now spewing into Irish inboxes, confirms Irish security company IT Force. In the past week in Ireland, about 1 per cent of Irish e-mails contained a virus while 90 per cent of e-mail was spam.

The company says spammers go through cycles of finding new ways to avoid spam-spotting software at internet service providers and on home and business PCs. In the past, they've used misspelled words in the subject headings to avoid detection, and then for a while used images within the body of the spam message so word checkers would be duped into allowing their e-mails to pass into inboxes.

Sophos says the number of e-mails carrying malicious programs has dropped steeply, while those containing a link to a "malware" - "malicious software" - site have risen rapidly in 2008.

The report says that the trend in cybercrime is for perpetrators to try to outfox existing protections, such as e-mail scanning software that protects against suspicious links, viruses and spam that may carry malicious programs.

The number of malicious websites has skyrocketed in the first half of 2008, with three times the number of websites being spotted by Sophos.

According to the report, the total number of unique malware samples in existence now exceeds 11 million, with Sophos identifying more than 16,000 new malicious sites daily, one every five seconds.

In 90 per cent of cases, websites that are spreading Trojan horse viruses (which sneak into a computer) and spyware (which may examine files, uncover passwords, and look for personal details) are legitimate company sites that have been unknowingly compromised by hackers. Some are for Fortune 500 companies.

Sophos says websites for European Cup 2008 ticket sales, Sony PlayStation, and UK broadcaster ITV were among those hit in 2008. But the number one host for malware on the web is Blogger (Blogspot.com), a free program owned by Google, which allows computer users to make their own weblogs.

According to the report, hackers set up malicious blogs on the service, or inject dangerous web links and content into innocent blogs in the form of comments.

Sophos says Blogspot.com alone accounts for some 2 per cent of the world's web-hosted malware. The US retains its position as the top malware-hosting country, with 38 per cent of malware based on US sites. China is next, with 31 per cent.

For those who try to stop hackers before they can exploit weaknesses in programs and websites, an IBM report out this week gives disappointing news.

According to the report, the habit of technologists to publish online quickly both a new weakness and a public "proof of concept" showing exactly how it could work gives hackers a model attack and lets them launch assaults faster than ever before - often within 24 hours, long before a patch can be developed.

The report has generated fresh debate on how much information about exploitable software bugs should be made public.