Drive-by malware targets business Web sites

It is difficult for an enterprise to protect itself from malicious code embedded in its Web site, targeting its customers, according to an analyst with Info-Tech Research Group Ltd.

“No one’s going to target a business,” James Quin said. “Consumers are targeted. It’s all for financial data and information.”

The sites being attacked are often reputable business sites with vulnerabilities. The malware is implanted in the business’ Web site and then infects visitors to the site, stealing personal information.

“It’s a fairly prevalent attack,” Quin said. “It’s happening to enterprises just as much as it’s happening to consumers.”

Hacking accounted for 60 per cent of the identities exposed in 2009, 22 per cent more than in 2008, according to the Internet Security Threat Report XV.

These so-called “drive-bys” can hurt a business’ reputation by scaring off customers because malware is associated with its infected site, according to Tim Callan, head of marketing for VeriSign at Symantec.

Businesses can use firewalls to control outbound traffic as well as inbound traffic. If a company wants to prevent all possibilities of this attack, it can ban employees from browsing the Internet. However, in many cases that is not practical. Reputation filtering services, which flag malware and sites hosting malware, are another anti-malware option; however, an organization should ensure it has appropriate Internet security in place. Enterprises should make sure there are no unpatched vulnerabilities on their Web sites.

Calgary Technologies Inc., a not-for-profit provider of technology and services and programs, was a victim of drive-by malware. Its green tech site became infected, redirecting visitors to other sites and embedding malware in their computers or shutting the site down. The attacks occurred a few times a week.

“We had people taking advantage of our vulnerability in the code of our sites,” said Jesse Hollis, a manager at Calgary Technologies.

Calgary Technologies reverted to an older version of the site, but later moved on to using VeriSign to patch the vulnerability and increase security on its site. VeriSign, owned by information security vendor Symantec, ensures Web sites are safe from malware by checking Web sites with its seal of certification on a daily basis. More than 100,000 Web sites have the VeriSign seal, according to Callan. VeriSign encrypts private customer information like credit card numbers so it is unattainable by third-party spyware.

“Most businesses see a 24 per cent increase in business after using the seal,” Callan said.

