Web site hacks on the rise
Forthcoming report from IronPort reveals worrying trends
New research from web and email security firm IronPort has revealed a worrying rise in so-called "whaling" attacks, and web site hacks which lead users to malicious sites.
IT Week got exclusive access to the UK findings of IronPort's quarterly Spam, Viruses and Malware report before its release next month. The report highlights a growing number of SQL injection attacks on legitimate web sites.
These attacks occur when a hacker embeds a small amount of JavaScript on a compromised page; this then redirects the user to a malicious site where the user's machine may be compromised and turned into a zombie. Because the injected script is virtually impossible to detect with the naked eye, users and site owners often don't realise they have been compromised, according to IronPort product manager Jason Steer.
"Some organisations forget to secure their web servers because the web site is not seen as a revenue-generating system but a media avenue; public sector sites especially [are bad]. There are tools to automate JavaScript [attacks] now – this is a serious problem."
Steer explained that he found around 25 compromised sites in the UK in a single day, by Googling the script of just one JavaScript injection attack.
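Because the embedded script is invisible in the rendered page, a site owner has to look at the markup itself. The following is an added example, not code from IronPort or the article: it audits a page for script and iframe sources outside an allowlist, assuming the injected JavaScript is loaded through a `src` attribute pointing off-site. The host names, the allowlist and the sample page are constructed.

```python
from collections import Counter
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Assumption: hosts this site legitimately loads scripts from (constructed).
ALLOWED_HOSTS = {"static.example.org"}

# Constructed sample: two legitimate scripts plus the same foreign script tag
# appended to two text fields, as happens when database content is tampered with.
SAMPLE_PAGE = """<html><head>
<script src="/js/site.js"></script>
<script src="//static.example.org/lib.js"></script>
</head><body>
<h1>Council news<script src=http://injected.invalid/b.js></script></h1>
<td>Opening hours<SCRIPT SRC="http://INJECTED.invalid/b.js"></SCRIPT></td>
</body></html>"""


class SourceAudit(HTMLParser):
    """Collects the src of every <script> and <iframe> tag on a page."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names for us.
        src = dict(attrs).get("src")
        if tag in ("script", "iframe") and src:
            self.sources.append((tag, src.strip()))


def unexpected_sources(html, page_host, allowed=ALLOWED_HOSTS):
    """Return (tag, host) pairs loaded from outside the page host and allowlist."""
    audit = SourceAudit()
    audit.feed(html)
    audit.close()
    trusted = set(allowed) | {page_host}
    flagged = []
    for tag, src in audit.sources:
        # Resolve relative and protocol-relative URLs against the page itself.
        host = urlparse(urljoin(f"http://{page_host}/", src)).hostname
        if host not in trusted:  # a src with no host (host is None) is flagged too
            flagged.append((tag, host))
    return flagged


def hosts_by_count(flagged):
    """Group findings by host; one host repeated across fields suggests injection."""
    return Counter(host for _, host in flagged)
```

Run against every rendered page of a site, a host that appears in `hosts_by_count` but in nobody's deployment notes is the lead to follow back to the affected database fields.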
Steer also warned that criminal gangs are running the bot nets responsible for sending spam and launching denial of service attacks with increasing sophistication, thus making their detection increasingly difficult.
This third generation of bot nets is virtually impossible to track and shut down because "there's no way of going after the head" of the network, he explained.
IronPort's research also pointed to a growing number of whaling attacks – a form of phishing targeted specifically at individual executives in large corporations. In this case the fraudulent emails are sent to trick recipients into clicking on a link which takes them to a site where their personal details and any corporate information residing on their PCs can be harvested.