Sophos: E-Mail Safer, but Watch Your Web Site

Carl Weinschenk

Sophos has released an interesting study that says malware is growing, but the method by which purveyors try to distribute it is changing. This jibes with comments being made by security experts for the past few months.


During the first quarter of 2006, Sophos said, far more than double the number of new threats were detected (23,864 versus 9,450, to be precise) during the first three months of last year.


Those numbers are just bad. The interesting numbers are that the percentage of infected e-mails dropped from 1.3 percent during the first three months of 2006 to 0.4 percent -- 1 in 256 -- during the first three months of 2007.


It seems that the cool viruses are hanging out at Web sites. Sophos says that it is identifying about 5,000 new infected Web pages daily. The explanation is simple enough: Malware purveyors are opportunists. As companies and individuals protect their e-mail infrastructure more effectively, the bad guys seek out easier attack "vectors." Right now, Web sites are it. The result is a significant rise in cross site scripting (XSS), buffer overflows, injection flaws and other Web site attacks.

Add Comment      Leave a comment on this blog post

Post a comment





(Maximum characters: 1200). You have 1200 characters left.




Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.