The Malicious Website Problem
1. The number of malicious sites on the Internet that are either origination or distribution points for Malware, Trackware, Phishing, Identity Theft and Spam have increased by a factor of 9 in 2011, and continue to rise dramatically in 2012. Numerous studies have shown that the controlling sites range from 75K to 80K throughout the Internet. This specifically excludes “victim” sites, that are often exploited as part of botnets and other loosely controlled delivery mechanisms.
2. In the US, the control of end-point malicious activity is often left in the hands of end-users that must fight this battle with reactive and outdated Anti-Viral software, limited to no cooperation from state or federal government agencies, plus Internet Service Providers that do not enforce their respective Internet Use Policies for malicious site owners.
3. Search engine and web browser toolbar vendors often make use of Application Programming Interfaces (APIs) that are also used by malicious site support groups. This unfortunate circumstance has provided fertile and frequently compromised web site and web application vulnerabilities that must also go unprotected due to lack of proper update support and service for end-users. It appears that once you have adopted the use of more uncontrolled applications and especially web toolbars, then your risk for infection increases by a factor of 10 – 12 over those who use more controlled methods for “surfing the web”. To help combat this problem, nGran supports the efforts of OWASP, (please see our Alliances page on this website) and Mozilla with the Web of Trust (WOT) initiative.
For more details on the Mozilla effort please contact WOT directly at www.mywot.com/
4. Due to the fact that all current AV and Anti-Malware vendors operating in the US are in a reactive posture, they must wait for an infection to emerge before they can study it and provide a solution that will protect end-users and stop the further spread of infection and Privacy Invasion.
5. Unfortunately, AV and Anti-Malware vendors are forced to compete on an unlevel playing field that favors a numbers game. In other words, how many threats does your solution detect?
6. Given the fact that the latest “State of Badware” report* shows over 17.5 Million unique threats identified in the wild (as of June, 2011), an end-user cannot possibly scan a small machine against such a vast array of threats and still use their desktop, laptop or mobile device. A different approach is needed.
7. Given the state of numerous recent security breaches, it is time that we enable all of our "body armor" to protect end-point computers. In addition to standard AV software and Firewalls, nGran suggests a multipath, blocklist that utilizes appropriate file and process protections as well as one of the cornerstones of the TCP/IP suite ... blocking static routes with a local host file. Such a file exists on every device that conforms to the TCP/IP standard and with appropriate tailoring is a powerful blocking complement to existing Firewall, AV and Anti-Malware solutions.
For further details on this research, please contact us at info@ngran.com.
It is clear that the most rational approach to controlling the onslaught of malicious website activity is to block access to such sites until the time that their condition can be fully remediated. This reduces the "infection surface" of small computers and protects against the use of Command & Control (C&C) botnet severs, in that the identified C&C servers can no longer reach their intended "zombies".
* State of Badware report available at http://www.stopbadware.org
| 
