Anti-virus firm AVG Technologies says an alarming rise in the number of virus-laden sites that are here today and gone tomorrow is causing security experts to re-think traditional virus protection strategies.
AVG reports the number of websites set up to steal your data has nearly doubled from about 150,000 per day to 300,000 since October 2008. More alarming to AVG is the fact those sites are short lived and vanish sometimes within 24 hours. These "transient threats" make maintaining lists of dangerous websites extremely hard to manage, says Roger Thompson, chief research officer for AVG.
"Security firms can no longer rely on just blacklisting sites," Thompson says. AVG, like many other anti-virus companies, keeps track of rogue sites and updates its desktop anti-virus software with that list. But as the churn of new threats increases at an alarming rate blacklist databases become increasingly less effective.
AVG says protection of computers must now more heavily rely on identifying threatening behavior of a site. This method of protection relies on identifying when a site is attempting to attack your PC and stopping that attack before it happens.
AVG says that 60 percent of dangerous transient sites are up for one day and gone the next. One year ago rogue sites would stay alive on average 30 days giving security experts a chance to blacklist the site and identify the virus signature so it could create a defense against the virus and blacklist the site.
The majority of the threats presented by these sites are what is called a drive-by downloads. Meaning all you have to do is visit the site and malicious code can infect your computer. We've seen this before when a number of well-known sites discovered they had malware embedded in banner ads from third-party ad providers.
Here is more data that comes from AVG released today as part of a report "Transience, Stealth the Hallmarks of Today's Web Threats.".
* 94 percent of sites distributing ‘fake codec' attacks - when the user is offered a codec, or video conversion tool, in order to view or download a particular video but is in reality a piece of malware - are usually active for less than 10 days, with 62 percent active for less than one day.
* 91 percent of sites distributing attacks from China -frequently stealing seemingly-harmless items like World of Warcraft game passwords which can be resold on sites like eBay for real money- are typically active for less than 12 days, with almost 50 percent active for less than one day.
* 72 percent of sites distributing fake anti-spyware products that in fact deposit spyware onto the user's machine and then offer to remove it for a fee are active on average for less than two weeks, with 28 percent active for less than one day
According to AVG, social networking sites are prime breeding grounds for these types of transient attacks. Social networking users are more trusting and less suspicious in these environments making them more likely to click on links that will take them onto the mean streets of the World Wide Web. That's not particularly surprising, especially considering recent news about the conficker worm as well as malicious attacks found lurking on President Barack Obama's campaign website.
Unsurprisingly, AVG suggests that its products are ideal to combat transient threats. AVG's current free and fee desktop anti-virus products scan how a website is behaving to determine whether or not it contains malware as opposed to looking for specific, known viruses or restricting access based on blacklist. Competing anti-virus firms also offer similar two-prong approaches (blacklist and real-time protection) in protecting your desktop. For a list of free and fee anti-virus protection check out PC World's Downloads.
Along with anti-virus software there are many other things you can do to reduce threats to your computer. PC World contributor Andrew Brandt outlines many of them in his report 17 high-risk security threats and how to fix them.