IT security and control firm Sophos warns that an increasing proportion of web malware is being found on UK websites.
In August 2007, the UK was the seventh worst offender in the list of countries hosting infected web pages, accounting for 0.8%. By April 2008, the figure stood at 1.1% and in November 2008, it was 1.7%.
Sophos’s latest threat report (available to download at www.sophos.com/securityreport2009), claims that more malware is hosted on websites in America than any other country. However, it appears that the UK is increasingly a part of the problem, particularly given that SophosLabs discovers one new infected webpage worldwide every 4.5 seconds.
“While the UK is clearly not the worst offender, the fact that it is responsible for an increasing percentage of infected sites is worrying news,” said Graham Cluley, senior technology consultant, Sophos. “With web threats still on the rise, not only must website owners take a proactive approach to securing their sites, but all users browsing the internet should also take steps to protect themselves.”
Cluley suggests the following New Year resolutions for web site owners, operators and hosters:
AS A WEB SITE OPERATOR, I WILL consider protecting my web servers with preventative (on-access, real-time) anti-virus software. I will go out of my way to block infected files before they are used in order to prevent infected web pages from being served up in the first place.
AS A WEB SITE OPERATOR, I WILL NOT assume that my web pages are safe just because I am not running Windows. Even if my own servers never actually get infected, I aim to prevent others from getting infected through me.
AS A WEB SITE OPERATOR, I WILL patch my operating system, web server and plug-ins regularly and promptly. I recognise that if the author of the software I use to run my site has published a security update to close a remotely exploitable hole, then the Bad Guys already know about it and could break in at any time.
AS A WEB SITE OPERATOR, I WILL produce a cleanup plan. I will write down who will need to do what if infected web pages are found so I can recover quickly from an attack.
For more information, including statistics on web and email threats, detection techniques and offending countries – download the Sophos Security Threat Report 2009 from: www.sophos.com/secrep2009
