Cyber criminals are working harder than ever to turn the world's most popular websites into unwitting carriers of viruses and spyware.
Over the past six months, hackers have intensified attacks on trusted websites such as Facebook and News.com that are frequented by millions of users every day. By injecting bits of malicious code into the pages of reputable websites, hackers can deliver viruses, Trojan horses and other spyware onto the computers of unsuspecting users who just stop by to check their stocks or the score of the hockey game.
As many as 75 per cent of the websites distributing viruses are actually legitimate sites that have been compromised, according to a study being released Tuesday by security firm WebSense Inc. That is up from 50 per cent six months ago, the study found.
A second study released Monday found it costs Canadian public companies an average of more than $600,000 a year to combat the hackers.
The cyber criminals are increasingly sophisticated and their software often goes undetected for days, said Stephan Chenette, general manager of WebSense's security labs.
“We're seeing a trend of crime going toward more of a professional organization where they have paid programmers who are creating quality software that is using Google search to find high-reputation sites,” he said.
The results are part of Websense's bi-annual State of Internet Security report, which compiles findings from the company's ThreatSeeker Network. The network scans the Internet daily for security threats and tracks viruses.
More than 60 of the world's 100 most-visited websites fell prey to hackers embedding malicious code on their pages. Some of the tougher viruses infected as many as 500,000 websites before security experts discovered them and were able to create patches to prevent against future attacks, Mr. Chenette said.
A Trojan horse that infected a TD Asset Management website went undetected from Wednesday of last week until 10 p.m. Friday when the page was taken down and repaired.
“It wasn't a TD-targeted event, it was a broader Internet event,” Toronto-Dominion Bank spokesman Simon Townshend said.
Most of these new viruses are created in countries such as China and Russia where cyber crime operates largely unchecked.
IT security breaches, such as those perpetuated by these takeover viruses, cost Canadian public firms an average of $673,000 in both direct and indirect costs every year, according to a joint study from Telus Corp. and the Rotman School of Management at the University of Toronto.
“Companies understand the importance of IT security, but I never believe that they understood the true magnitude of the risks and the costs involved,” said Rotman business economics professor Walid Hejazi. “This is an important issue, the costs are high and they're growing.”
Government websites are particularly vulnerable to viruses because hackers see them as potential gold mines of personal information and the agencies often lack the proper budgets to ensure top-tier IT security, Mr. Hejazi said.
“Governments tend to have the same challenges facing private-sector companies in terms of having all of this really important confidential data, however they tend to have budgets that are lower,” he said.
