Security specialist AVG released a report which analysed 165 web sites controlled by cyber criminals which infected more than 1.2 million computers.
AVG’s “Peek Inside Cybercrime Monetization Methods & Volume” report was based on research over a two month period which tracked 12 million visitors to the compromised web sites with a resulting 10 per cent infection success rate. The research was built using the AVG LinkScanner product data, identifying URLs that the product blocked when it identified a threat.
Speaking to PCR, AVG senior vice president Yuval Ben-Itzhak warned that social networking sites were another vector for attacks from cyber criminals.“Malware does not just infect computers, it’s written to collect information such as account numbers, passwords, addresses and phone numbers. Much of this is done through phishing and compromised web pages with exploits,” said Ben-Itzhak.
To find out what AVG says about the security implications of social networking, see Circling the wagons.
AVG’s cybercrime report focused on the rising popularity of one particular tool called the Eleonore Exploit toolkit which contains a number of hacks aimed at different computer systems in order to allow criminals to gain control over web sites and then infect computers visiting those web sites.
The Eleonore toolkit exploits the Sun Java JVM, Adobe Acrobat Reader, IE6, IE7 and Firefox browser vulnerabilities. The AVG report also contains tables which show International rankings of countries with the most number of compromised systems as well as ranking tables of web browsers which were successfully hacked by the compromise sites.
The Ukraine and Russia topped out the Eleonore toolkit-hacked sites while unsurprisingly Microsoft Internet Explorer 6 was the leading vector for successful hacks. Firefox 3.0, Internet Explorer 8.0 and Firefox 3.6 were next highest on the most-hacked list of browsers with Apple’s Safari browser most secure, possibly due to running on PC-systems.
AVG said that the only adequate protection comes from web security products which scan web content for threats. The company also offers a free anti-virus package with integrated web security LinKScanner.