Security audit for commercial sites


June 15, 2012

An interesting note found in a recent online security report has stated that malicious programmers have begun to target specific social websites for drive-by infections.

While in the past scammers would set up their own pages and attempt to drive traffic to them to gain control over a victim’s machine or network, there has been a shift in recent years towards compromising legitimate URLs.

According to the Malicious Code Trends section in Symantec’s Internet Security Threat Report 2011 – published back in April 2012 – approximately 61 per cent of all sites listed as containing shadowy programs are “actually regular web sites that have been compromised and infected with malicious code”.

The top five sites for these kinds of attacks are blogs, personal sites, business or economics pages, online shopping venues and educational references.

It could be that the largest of these – the blogs and personal communications sector at 19.8 per cent – are the least well defended because they tend to be utilised by their owners as a communications platform and journal rather than a money-making enterprise.

This theory seems to be backed up by the fact that the second-largest proportion of legitimate sites infected with malware is personal hosting services on 15.6 per cent – a result that seems to follow a noticeable trend.

It could be that the activities the pages are meant to support have a direct effect on the amount of effort that is put into ensuring their safety for visitors.

People who are in charge of commercial sites and sales channels – ten per cent and seven per cent respectively – are more experienced with controlling how their back end is accessed and how to defend against malicious activities.

The difference is that – while it is in everyone’s best interests to protect repeat visitors to online venues – commercial concerns simply have more to lose by allowing their customers and clients to suffer from their lack of in-depth vulnerability management schedules.

That being said, the fact is that 17 per cent of legitimate sites infected with malware belong to enterprises that either trade goods and services or relay economic and financial information to their customers.

This means that every incident of infection has the potential to disrupt their flow of income – be it from advertising revenue or customer transactions.

Leave a Reply

Your email address will not be published. Required fields are marked *