Carl Leonard discusses Web 2.0, user-generated content and the dangers of drive-by malware.
V3.co.uk: As head of the Websense European threat research
team, what does your role entail?
Carl Leonard: The security labs division is made up of a strong team of experts
located globally. Our main aim is to develop product features; we play a key
role in deciding where a product line should go based on the threats we're
seeing. We focus on developing back-end processes so we can scale to meet the
current threat landscape. In our last biannual threat report we found that
malware sites increased by 670 per cent in one year, so being able to scale and
develop products to meet the needs of enterprises is key. All our work goes into
automating processes, and feeds into the ThreatSeeker network, the key
technology we developed over a number of years which can parse through over one
billion pieces of content each day and scan over 40 million sites an hour.
You've been analysing threats for over six years now. What have been
the biggest changes during that time?
The uptake of Web 2.0 for business and personal use has been the most
significant change in the industry. I mean types of sites which offer the
ability to leave user-generated content, so the end user dictates to an extent
what is displayed on the web site. User-generated web spam on posts and comments
on these sites is not going away anytime soon. Malware authors know people go to
these sites so, if they can encourage people to click on the links in these
posts, it's an easy way to infect a lot of people. Tactics have changed a lot on
the part of the hackers; phishing attacks are decreasing, for example, because
it's now a well-discussed topic, so instead the hackers are installing malicious
code on legitimate sites. This is better than creating new sites and trying to
encourage people to go to them, having the code up there for two weeks. If you
can compromise a legitimate site with a drive-by download, 10,000 people may
visit in just 30 minutes. It's quick impact.
Are there any other current trends worth noting?
An increase in emails containing malicious links. The spammers may be
collaborating with the malware authors to drive people to click through to
malicious sites. Also the amount of search engine optimisation is really coming
to the fore now. Any hot news of a celebrity, if you type it into a search
engine, could return results linking to malicious sites. Users can't rely on the
search engines to filter these results.
Do you ever feel like the good guys are fighting a losing
battle?
No. I think that the last few months have shown the real impact made by the
security community working with law enforcers; first the McColo shutdown, then
the Pricewert ISP this summer. It's a good start, although the nature of malware
activity is that they learn from these actions, so we could see more distributed
code in future so that not all their eggs are in one basket.
There has been a lot of press about social networking threats. Where
do you think the newest threats are coming from?
Well, the Facebook security team seem pretty hot on things. As regards Twitter,
it is always a learning experience because it is new technology. You know the
typical attacks that might occur, but sometimes they manifest themselves in
unusual ways, as was seen in Twitter spam and the increase in malicious tweets.
For customers trying to protect their own environments it's difficult to predict
how the next threat will manifest itself, which is another reason why hosted
services can be so useful. The IT team can also help by ensuring that policies
are being enforced and configured correctly.
