The Web is Still the Wild, Wild West


While you are destroying your mind watching the worthless, brain-rotting drivel on TV, we on the Internet are exchanging, freely and openly, the most uninhibited, intimate and, yes, shocking details about our config.sys settings.  ~Dave Barry

Did you know that spam accounts for 81.7% of all the world’s email traffic?

Each day new websites are launched with malware and spyware.  The daily number of new websites hosting malware peaked in November at 5,424.  Did you catch that?  5000+ brand new sites, loaded up with spyware, daily!

Jason Lee Miller from Security Pro News wrote a nice piece describing the top cybercrimes this year.

1. Storm worm: The most aggressively spread malware in 2008, this nasty bugger enabled one of the largest botnets in history, infecting an estimated 2 million computers worldwide.

2. Search spam: Early in 2008, spammers discovered the search engine redirect, which allowed them to include a search query link within an email message. The link led to a forged website, but the redirect method allowed spammers to bypass spam filters by never having to mention which site the link led to.

3. CAPTCHA breaks: In February, hackers managed for the first time to break webmail CAPTCHAs, mechanisms designed to tell humans and computers apart online. Once they were able to break these codes, Gmail and other web-based email spam hit the world wide web in force.

4. Targeted Trojans: New versions of old tricks, targeted Trojans evaded Anti-virus using code variations, often to spoof legitimate websites and organizations. Since January, targeted Trojan attacks have increased to about 80 per day.

5. Web-base malware: SQL injections via HTML tags were all the rage by July, when the number of new, malicious websites blocked each day rose 91 percent.

6. Hosted applications spam: Getting adept at looking legit, spammers made use of linking to hosted online documents created under accounts with major hosted app providers, which are not blocked by filters.

7. Srizbi: Infecting an estimated 1.3 million computers last year, Srizbi was the culprit behind about half of all spam in 2008. The Reactor Mailer spamware, the bank spoofs? All thanks to the Srizbi botnet.

8. Ospama: All Barack Obama spam didn’t originate from David Plouffe’s desk. The 2008 election year attracted watch-selling spam clusters addressed from and, tow popular pro-Obama websites spoofed in the name of
sleezy marketing tactics. 85 percent of election-related spam used Obama as a subject line, perhaps making spam the best bellwether of them all.

9. Credit crisis phishing scams: When people started to worry about their nest eggs, phishers got busy trying to con them. Phishing attacks spoofing banks suddenly spiked in September and October by 103 percent.

Summary: Like a big city, the web still has quite a few dark alleys that people try to avoid. The hackers are out there in full force. They will attack whenever and wherever they find a weakness. They even have a sense of humor!   Ospama? C’mon, that is a little funny…  IT departments need to look out for this and take security seriously, even if the subject lines of the offending emails are amusing.


2 thoughts on “The Web is Still the Wild, Wild West

  1. Jim Devine

    Brian, great stats, kinda scary and I agree that diligence is always the rule.

    However the use of the word Hacker might be argued. Real Hackers do not do these things, “crackers” do. Hackers are generally only looking for solutions not mischief or criminal gain. This is a common misconception. Most every hard working solution developing techie I know or have ever known meets the true definition of Hacker. Crackers on the other hand are generally immature and lack self discipline and self assurance regardless their age or experience. They attack in a warped desire to prove their own “superiority”.

    1. Brian Post author

      Jim, first, happy holidays and thanks a ton for your comment. Just getting warmed up here and I appreciate you swinging by. Your comment about hackers vs crackers is well taken – it’s funny how negative associations with the word “hacker” started to lessen in recent years. I believe some of Tim O’reilly’s books may have been the catalyst?


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s