Slashdot Mirror

← Back to Stories (view on slashdot.org)

Growth of the Underground Cybercrime Economy

Posted by samzenpus on from the nothing-is-safe dept.

AC50 writes "According to research from Trend Micro's TrendLabs compromised Web sites are gaining in importance on malicious sites created specifically by cyber-criminals. The research debunks the conventional wisdom about not visiting questionable sites, because even trusted Web sites such as those belonging to Fortune 500 companies, schools, and government organizations can serve forth malware."

3 of 94 comments (clear)

  1. Any site by Merls+the+Sneaky · · Score: 5, Informative

    Any site serving up adverts is potentially sering up malware. Durr.....

  2. I sure hope by iminplaya · · Score: 5, Funny

    Slashdot is safe. It's the only site I visit. Make sure not to open the articles. You never know.

    --
    What?
  3. It's a problem, but the size is limited. by Animats · · Score: 5, Informative

    We have a list of major sites being exploited by active phishing scams, which we update every three hours. There are 56 sites on the list right now. Most sites don't stay on the list too long, but we still have 14 that have been on the list since last year. Most of them are DSL service providers with compromised machines they haven't kicked off. Some providers are proactive about this, and some aren't. Then there are a few compromised sites that just have no clue about how to fix their problem. One such site is the teacher web space for a school district.

    By, well, nagging, we've been able to get the big players to fix their problems. Google, Yahoo, MSN, and Dell were all on the list at one point, but they've all tightened up their systems.

    The points we make with this list are that 1) the number of major sites involved is small, and 2) blacklisting at the second level domain level causes acceptable levels of collateral damage. So go ahead, blacklist the whole second level domain in your phishing filters. Think of it as a way to encourage sites to clean up their act. Or as a way to find out where to apply the clue stick.

    This list is about "major" sites, ones in Open Directory (1.7 million sites.) The issue there is with attackers trying to steal the credibility of the major site. At the other end of the scale, any domain less than a few weeks old probably isn't worth connecting to. Or at least it should be read with all executable content disabled, including HTML email. Also, any link with more than one redirect probably shouldn't be followed.

    It's easier to filter out the attackers if you're willing to filter out the bottom-feeders as well. But that's another story.