Web Hosting Security
We originally posted an article about web hosting security
written by thewhir.com. However, they do not allow non-profit educational
organizations to use their articles. therefore, we will post other
informational articles and news about web hosting security.
Free personal web hosting sites are increasingly being exploited by hackers
seeking affordable and anonymous ways to store and disseminate mobile malicious
code (MMC) and dangerous types of spyware, such as keyloggers, which are
designed to steal personal and confidential information.
Since the beginning of 2005, Websense® Security Labs has discovered more than
2,500 incidents of these websites distributing MMC, Trojan horses and keyloggers.
Websense software protects organizations from inadvertently becoming victims of
these attacks by blocking access to infected sites and preventing harmful
spyware applications from running on end-users’ machines.
In the first two weeks of July 2005 alone, more than 500 incidents of free web
hosting sites that were created to spread keyloggers, Trojan horse downloaders,
Trojan horse droppers, and other harmful spyware and malware. Earlier this year,
it was reported that free blogging accounts were being used to harbor malcode—this
trend is now expanding to any form of free web hosting site. The recently
uncovered sites include those available for hosting online journals, photo
albums, greeting cards, music, sports ‘fan’ pages and online sc#@&books, among
many other popular purposes.
“The growth of this trend is alarming. July has seen a major boom—in the first
two weeks alone we found more instances than in May and June combined,” said Dan
Hubbard, senior director of security and technology research for Websense. “Some
of the sites may be created with automated shared hacking software and free
online tools, while others are built to appear more legitimate. For example, one
of the sites found by the Labs included music that accompanied a greeting-card
message which runs while your computer is being infected with spyware.”
These fraudulent, free personal websites have an average lifespan of two to four
days, making them difficult to trace. In addition, a majority of the new sites
discovered by Websense have been hosted in Brazil or the United Kingdom and
contain text written in Portuguese and English.
“Hackers create their own pages with the sole purpose of spreading harmful code
and combine deception techniques, such as social engineering, to entice users to
visit and run the malicious code,” added Hubbard. “To allow accounts to remain
free, most of the hosting sites are not providing security features to prevent
this anonymous posting of malignant Trojan horses.”