ITC Security Threat of the Week – Week 11: Microsoft: Malicious Websites Surpass Worms as top Enterprise Security Threat

Microsoft has recently released the fourteenth volume of its Security Intelligence Report. Using information from over one billion systems, in over a hundred countries the report is a useful tool for those who want to avoid infection. Interestingly, Microsoft have found that web-based attacks are now the number one threat to look out for whilst network worms are actually beginning to decline.

This is big news as for the past three and a half years, the Win 32/Conficker worm has been the most dangerous threat facing enterprises. This all changed recently when experts saw a staggering 37% decrease in the reports of the Conficker and Autorun worms within enterprise computers, from 2011. Although these worms can cause a substantial amount of damage once they infiltrate a system, their modes of infection are well known and no new variants of the malware have been released for a long time.

Unfortunately as one threat falls into decline, another gains momentum – in this case compromised websites. This type of malware uses many different methods of infection with one of the main ones being iFrame redirection. A small piece of JavaScript tries to redirect your browser to a specific site that will download malware onto your computer. Microsoft have seen an increase in these types of exploits over the past couple of years, with levels higher than they have ever been.

Another worrying trend can be seen with a new strain of malware called ‘Magic Malware’. This advanced and targeted threat has remained undetected in machines for the past eleven months and its purpose is still unknown. The majority of infected machines have been based in the UK and includes industries such as finance, telecoms and education. Magic Malware is identified by security vendors/AV shops as: Asetus, Tilon or Win32.Enchanim. It is unclear what the exact purpose of this Malware is although CyberCrime is suspected.

If you are concerned about these or other online threats, please contact ITC Secure Networking for a demonstration of Netsure 360°security management which uses logging, vulnerability assessment, content analysis and event correlation with continuous threat feed updates to provide Malware detection and remediation.