London is worse than sex

You might think that sex is bad but London could be worse. That’s one of Avast’s findings in a report due out shortly that demonstrates the falsity of the conventional wisdom that, by watching where you browse, you can avoid infection.

“The statistics are clear – for every infected adult domain we identify there are 99 others with perfectly legitimate content but infected,” reckons Avast’s chief technical officer Ondrej Vlcek.

In the UK, for example, Avast has daily found more infected domains containing the word “London”. Like most infected pages, some 20 percent of those pages are infected with an HTML:Script-inf, which is an evolution of JS:IllRedir and JS:IlllIframe exploits. This type of infection is widespread and accounts for 20 percent of all infected UK pages.

The infection takes advantage of a known Microsoft Windows vulnerability, as Vlcek explains: “The problem is particularly bad because the CVE-2010-1885 vulnerability targets the most widely used version of Windows, and at the present time it is still unpatched. This means that even if a user is running a fully updated Windows XP SP3 with all the security patches, the user is still vulnerable.”

Non-PC-based infections on the rise
Industry analysts are now saying that mobile and other devices are providing a significant boost to Internet-connected infections, according to a story in ZDNet Asia.

Basically, analyst firm IDC has found that some 10 million non-PC devices are connected to the Internet and that the number will almost double in the next four years. It’s not just mobile phones either. Devices such as Internet-enabled TVs are just coming onstream, along with a vast array of other widgets.

As a result, as security expert Anthony Ung reckons, there’s a growing risk of cyber-crooks employing social engineering tactics to get infections into new devices. Ung said that “manufacturer attention to quality control is now ‘definitely a necessity’ as cyberattacks take on new forms.”

In particular, points out the story, end users will need to get used to such tasks as wiping personal data from electronic devices before they pass them on or sell them.

Avast gets a plug
Meanwhile, in another part of the forest, ZDNet UK blogger Jack Wallen, when looking at his top AV tools, reports that: “Avast is an outstanding antivirus tool that offers many options other tools overlook. One of my favourite features is Avast’s built-in rootkit check.”

And finally, this blog is now part of the Security Bloggers’ Network – so (now you’ve read this) go check out some great pages there. Thought you’d like to know.

Site and domain infection report

Avast protects millions of users — in fact, by the end of May Avast had protected a million users each day from accessing infected domains, up from last year’s average of 400,000 per day — so the company has a pretty clear idea of where the worst-infected domains and sites are. And in the spirit of freedom of information, I’m happy to pass it on so you can avoid where appropriate. Specifically, I promised last week that I’d provide more data on infected domains — so here it is.

In the previous post we saw how France and Russia had seen growth in infections, with Russia (.ru) now the second-most infected country domain. Of the other top-level domains, apart from .com which is way ahead of the rest, .info has seen a five percent increase in infected domains and a 94 percent increase in users who’ve been affected.

After .net and .info, the next most often infected is .org followed by .biz, and than a few .gov, with 10 infected domains in May, .travel (six infected), and even .museum, with one infected in May.

And the good news? For those planning their summer holidays, none of the .sc (Seychelles) or .sm (San Marino) domains have reported infections since the beginning of 2010.

Security Bloggers Network
If you need more information, there are few places better to start than the security bloggers network. It’s a network of like-minded bloggers who provide news stories and other material to turn the site into one of the web’s best security resources. It describes itself as “the largest collection of information security focused blogs and podcasts in the world.”

The SBN has also caught the eye of one of the cutting-edge security companies, RSA Security, which has agreed to sponsor the SBN for a year. This will allow the SBN to put into motion many of the programs and plans that we have been trying to bring to the community. With almost 300 blogs in the network, the SBN is the largest collection of security blogs in the world.

I hope that this humble blog may one day join the network — but as a treat, here’s this week’s link to one of the bloggers, Tom Olzak, whose column Adventures in Security is a worthwhile read…