Now a researcher at Websense, a security firm based in San Diego, has developed a way to monitor such malicious activity automatically.
Speaking at the RSA Security Conference in San Francisco last week, Stephan Chenette, a principal security researcher at Websense, detailed an experimental system that crawls the Web, identifying the source of content embedded in Web pages and determining whether any code on a site is acting maliciously.
Chenette's software, called FireShark, creates a map of interconnected websites and highlights potentially malicious content. Every day, the software maps the connections between nearly a million websites and the servers that provide content to those sites.
"When you graph multiple sites, you can see their communities of content," Chenette says. While some of the content hubs that connect different communities could be legitimate--such as the servers that provide ads to many different sites--other sources of content could indicate that an attacker is serving up malicious code, he says. According to a study published by Websense, online attackers' use of legitimate sites to spread malicious software has increased 225 percent over the past year.
fishead ...*∞º˙ on 31 Dec 09"A programmer who claims he produced software that detected hidden terrorist messages in Al Jazeera broadcasts was apparently responsible for a false alert in 2003 that grounded international flights. The 2003 incident raised the government's security level, according to a remarkable story published by Playboy. The developer also allegedly faked software demonstrations and conned the Pentagon into investing in a program that fellow workers suspect never existed or couldn't do what the developer claimed. In December 2003, DHS secretary Tom Ridge announced a terror alert based on intelligence from "credible sources" about imminent attacks that "could either rival or exceed what we experienced on September 11." Dozens of French, British and Mexican commercial "flights of interest" were canceled, and news agencies were reporting that the threats extended to "power plants, dams and even oil facilities in Alaska." Playboy says the source of the intelligence was never revealed publicly. But the evidence points to Dennis Montgomery, who had convinced the government that Al Jazeera - the Qatari-owned TV network - was unwittingly transmitting attack orders to Al Qaeda sleeper cells concealed in video it broadcast."
