Malware rises as industry stakeholders are criticised

Current efforts to improve security fail to prevent thousands of new threats emerging every day

A leading member of the House of Lords has criticised the government, internet service providers and vendors for failing in their responsibilities to protect the public from web-based threats. Meanwhile new research from security software vendor Sophos has found the amount of malware in the first quarter of 2007 had doubled compared with the same period last year.

Speaking at the Infosecurity Europe event in London today, Lord Broers, chairman of the House of Lords Science and Technology Committee, argued that government departments are limited in their ability to help in the fight against online crime, because they are typically poor at sharing information with each other.

He added that although responsibility for internet security is widely believed to be divided between ISPs, software manufacturers, operating system providers and users, “too much responsibility is on end users rather than those best placed to balance the risk”.

Lord Broers also hinted that as the industry matures, regulation may soon be coming to force ISPs to regulate more rigorously the content they deliver to users, and separate legislation to mandate firms to publicly disclose when they have been subject to a data breach.

Meanwhile, new research by internet and messaging security specialist Sophos released today has identified 23,864 new threats between January and the end of March this year, compared to 9,450 in 2006.

While the percentage of infected emails dropped again from 1.3 percent to 0.4 percent over the same period, the firm found 5,000 new infected web pages every day on average, the majority of which fell within legitimate web sites.

“Just as businesses have to keep up-to-date with their patches, so do web site owners, or those hosting the sites,” argued Sophos senior technology consultant Graham Cluley. “Among the things you can do are check your software i s up-to-date on the web server, scan regularly, and make sure you have a way of rapidly reacting to reports of infection on the site.”

Corporate users without adequate content filtering technology who visit pages with malicious content on them could also be at risk, added Cluley. A common strategy for malware writers is to download spyware to steal personal data or turn the user's PC into a part of a bot net, he said.