The Many Modern Malware Attack Vectors

Malware Malware Everywhere
Written by Ben Chai (SecurityVibes.com)
Published on Monday 27 July 2009

Social networks, compromised websites, unread licence terms - we interviewed Gerhard Eschelbeck, CTO of Webroot, to look at the modern attack vectors used by malware creators today and the financial impact malware is having on the business.

As more organisations turn to Web 2.0 technologies within their business, malware writers have begun to target these applications to distribute their payloads. According to some, the web is now considered the number one delivery mechanism for malware, with approximately 85 percent of all threats coming from the internet. At least five percent of heavily trafficked “trusted” web sites are now harbouring malware. That makes securing the business increasingly complex, because URL filtering systems and blocking alone are unable to protect a network if they cannot detect the attacks.

Blocking access to social networks might be a realistic option for some organisations, but it would not address other web security threats like drive-by downloads, phishing and pharming attacks, and user access to proxy bypass sites. According to Gerhard Eschelbeck, CTO of Webroot:

"We’re now seeing an unprecedented volume of infected PCs and networks, and greater sophistication employed by those doing the infecting. Some reports state that up to 6,000 web pages are infected every day. Four out of five of them belong to hacked inoffensive web sites."

Hidden Malware Threats
Malware writers distribute threats using a variety of means, including web sites, instant messaging services and email. Cyber criminals have become innovative in their approach, inserting malware into the everyday online activities of the end-user. Malware writers often utilise highly visible news stories to create illegitimate sites that fool users. By simply clicking on what is believed to be an innocuous web site or pop-up, end-users unknowingly infect their own computer.

Other examples of hidden threats include malware writers placing an overwhelming amount of information in their End User License Agreements (EULA). Knowing that most users will ignore the lengthy and ambiguous language of the EULA, developers are able to "obtain" permission to download their malware or spyware onto a client machine.

Threats have become so sophisticated that they are often disguised as legitimate traffic entering through well-established ports, which allows them to bypass traditional security defences such as firewalls and other perimeter solutions. Once installed on a system, many applications will then disguise themselves as trusted programs to evade detection and removal.

Impact to Business
The impact and cost of malware to the business community is significant, with estimates of more than two thirds of all PCs being infected with some form of malware or spyware. Gerhard Eschelbeck had this to say:

"The average cost of each infected workstation to any business is £500 (based on IT services, downtime and re-imaging). Assuming a business has fifty users, 79% (39.5) who have an infection, at £500 per workstation, a company can expect to spend over £20K to clean all infected machines - per incidence of infection."

The figures quoted don't even take into account data loss and other potential ramifications of that data loss, such as IP theft.

Future Trends and Vulnerabilities
We can expect the number of Web 2.0 users to grow further and as a result we can also predict that there will be adaptations, or new creations, of social networking tools. Web-based malware will become increasingly more difficult to detect and remove, with cyber criminals employing even more advanced techniques to evade detection.

As with any threat vector, to truly deal with the alarming infection rates, security professionals first need to assess the risk to the business and work out their response. If defence and detection technology is deployed to deal with the threats then these also need to be backed up with appropriate user education.
