There has been a dramatic rise in the number of reported incidents of new malware programs in the first part of 2007.
Security firm Sophos discovered some 23,864 new threats in the first quarter of 2007 - up from 9,450 for the same period in 2006. These were mainly web-based, meaning that they were spread through infected web pages rather than via email.
But the infected web pages were not always specially created by cybercriminals - many of them were existing, legitimate websites that had been hacked into.
"What's most worrying is that so many websites are falling victim because the owners are failing to properly maintain them and keep up to date with their patches," said Carole Theriault, senior security consultant at Sophos.
"By targeting a whole range of internet pages, hackers are successfully infecting a larger number of unwary surfers. Any ill-maintained website can fall victim," she continued.
Though the malware isn't spread via email, spam emails are often used to direct unwary surfers to infected web pages as they contain embedded links to the sites. However, stopping these spam emails isn't a simple matter.
"Spam is a difficult problem to solve as every government legislates differently and the responsibility of the ISPs varies from place to place. There are also market demands that often pressure ISPs to lower prices rather than invest into processes to clean up their output," Theriault said.
The spam can be created and distributed from anywhere in the world, meaning that less scrupulous ISPs in countries with vague or ineffective legislation can pose a problem.
"The fact that one average-sized Polish ISP is single-handedly responsible for relaying five percent of the world's spam is astonishing - which is why we are currently in talks with them on how they can reduce this glut of unwanted mail," said Theriault.
http://www.sophos.com/