
Zeichick's Take: The Ubiquity of Malicious Code




March 29, 2007 — 
Software security is a big problem. You can quote any number of studies to show that software is under attack like never before and is being exploited like never before. One such study, which is released quarterly as part of the marketing strategy of Finjan, is called the Web Security Trends Report. The most recent report, which came out this week, talks about several interesting topics. (Note that you'll have to register with Finjan, which sells Web security tools, to get access to the report.)

This quarter's report focuses on what Finjan calls the universal pervasiveness of malicious code. For example, it takes on the commonly held belief that malicious code (such as phishing sites, spam servers or Web pages with intentional browser exploits) is hosted in countries like China and Russia, or in developing nations. By contrast, Finjan asserts, "it is flourishing in both developing countries and in Western countries with advanced e-crime law enforcement policies."

Why is that? According to the company, it's because malicious code has been commercialized. "A real market exists for malicious code, governed by the forces of law and demand," the study writes. "Motivated by the business opportunity, hackers continue to raise the technological bar…commercialized products and tool kits for creating malicious Web sites are readily available for purchase on the Internet."

In other words, the attacker might be in Beijing, Bangalore…or Brussels or Birmingham or Boston.

Finjan cites its own study of 10 million URLs collected in the United Kingdom from live end-user traffic, and concludes that 80 percent of the URLs containing malicious code were hosted in the United States. Another 10 percent came from the U.K.

Some factors that lead to having so much malicious code hosted in the U.S. and U.K. are the ubiquity of free Web hosting services, and that even when hosting isn't free, it's generally darned inexpensive. In other countries, Web hosting may be more expensive, or more difficult to obtain anonymously.

The Finjan report points to two other factors involving malicious code – the first of which was totally new to me.

• Malicious code via translation services. A lot of search engines, Finjan explains, provide automatic linguistic translation of Web pages, allowing a user in the U.S., France, Germany, Japan or elsewhere to gain access to the entire World Wide Web, no matter what language a Web page was written in. Many of the translations, you've probably noticed, are quite comical. However, they're also dangerous, because if there were malicious code on the source page, an "on the fly" automated translation would likely leave that code alone – but would mask it by "cleansing" the domain of the malicious site into that of a trusted search engine. Thus, malicious code could bypass URL filtering services.

• Malicious code through aggressive obfuscation. The previous quarterly report from Finjan introduced this topic, which this edition expands upon. "Dynamic code obfuscation is an especially insidious threat that undermines the ability of security vendors to detect and count encrypted malicious code…each visitor to a malicious code site receives a different instance of the obfuscated malicious code, based on random functions, parameter name changes, etc." According to Finjan, more than 80 percent of the malicious code that the company detected was obfuscated to some extent, presumably to avoid detection.
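The translation-service item above comes down to a URL filter that judges only the outer hostname. The following sketch is an added example, not taken from the Finjan report or from SD Times: it contrasts that check with one that also inspects URLs carried in query parameters, generalizing from translation services to any wrapping proxy. All hostnames, the `u` parameter and the function names are constructed assumptions.

```python
from urllib.parse import urlsplit, parse_qsl

MAX_DEPTH = 3  # bound on nesting (a proxy URL wrapped in another proxy URL)

# Constructed sample data; all hostnames are hypothetical.
BLOCKLIST = {"malicious.example"}
DIRECT = "http://malicious.example/page.html"
TRANSLATED = ("https://translate.search.example/translate?sl=fr&tl=en"
              "&u=http%3A%2F%2Fmalicious.example%2Fpage.html")
BENIGN = ("https://translate.search.example/translate?sl=fr&tl=en"
          "&u=http%3A%2F%2Fnews.example%2Fstory.html")

def embedded_hosts(url, depth=0):
    """Return the URL's own host plus the hosts of URLs carried in its query."""
    try:
        parts = urlsplit(url)
        host = parts.hostname
    except ValueError:  # malformed authority, e.g. a broken IPv6 literal
        return set()
    hosts = {host.lower()} if host else set()
    if depth >= MAX_DEPTH:
        return hosts
    # parse_qsl percent-decodes values: u=http%3A%2F%2F... becomes http://...
    for _name, value in parse_qsl(parts.query, keep_blank_values=True):
        if value.lower().startswith(("http://", "https://")):
            hosts |= embedded_hosts(value, depth + 1)
    return hosts

def _matches(host, blocked):
    # Exact match or any subdomain of a blocked domain.
    return host == blocked or host.endswith("." + blocked)

def naive_is_blocked(url, blocklist=BLOCKLIST):
    """Filter that looks only at the outer hostname (depth cap stops unwrapping)."""
    return any(_matches(h, b)
               for h in embedded_hosts(url, MAX_DEPTH) for b in blocklist)

def is_blocked(url, blocklist=BLOCKLIST):
    """Filter that also checks hosts of URLs wrapped in query parameters."""
    return any(_matches(h, b) for h in embedded_hosts(url) for b in blocklist)

if __name__ == "__main__":
    for u in (DIRECT, TRANSLATED, BENIGN):
        print(naive_is_blocked(u), is_blocked(u), u)
```

This only covers targets passed as absolute http(s) URLs in the query string; a service that encodes the target in the path or hostname needs its own unwrapping rule.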

The study concludes, "Finjan recommends that organizations take the initiative to better understand the nature of the e-crime threat." Good advice.

Alan Zeichick is editorial director of SD Times. Read his blog at ztrek.blogspot.com.

