Sophos rings Christmas warning bells for Aussie web sites

SophosLabs in Sydney finds nearly 20,000 newly-infected web pages around the world each day. This begs the question: how many of them are in Australia?

Digging back through the statistics for the past year-and-a-half gives a rather nasty surprise: we've been getting steadily worse.

In August 2007, Australia was in 38th place on the worldwide list of countries hosting infected web pages, with less than 0.1 per cent of the global total.

By April 2008, we'd climbed to 21st place, with 0.2 per cent of infected pages worldwide.

Sophos's latest Threat Report, released today shows that for November 2008, Australia is in 13th place, hosting 1.1 per cent of the world's infected web pages.

"This isn't a league we're supposed to win," said Paul Ducklin, Head of Technology, Asia Pacific at Sophos. "In this game, we need to play better, but to place worse."

Ducklin identifies several possible reasons for these unfortunate results:

* As internet access and web hosting plans offer more data for the same price, running your own website inside Australia, or expanding its remit has become more attractive, so there are more targets.

* The surge of interest in AJAX, Web 2.0 and user-supplied content, such as blogs, comment forums and discussion boards, has increased the complexity, and thus the attack ability of local websites so there is also more to protect.

* Australian web pages usually have English as their primary presentation language. This makes them seem less suspicious to non-native English speakers than any other language except their own, so they are very broadly useful to cyberscammers.

* The Australian top level domain (.AU) is still regarded as generally trustworthy for unsolicited content, especially when compared with domains such as BIZ, CN, UA and RU. Local web pages have good "brand value" to criminals.

Ducklin suggests the following New Year's Resolutions for web site owners, operators and hosters:

AS A WEB SITE OPERATOR, I WILL consider protecting my web servers with preventative (on-access, real-time) anti-virus software. I will go out of my way to block infected files before they are used in order to prevent infected web pages from being served up in the first place.

AS A WEB SITE OPERATOR, I WILL NOT assume that my web pages are safe just because I am not running Windows. Even if my own servers never actually get infected, I aim to prevent others from getting infected through me.

AS A WEB SITE OPERATOR, I WILL patch my operating system, web server and plug-ins regularly and promptly. I recognise that if the author of the software I use to run my site has published a security update to close a remotely exploitable hole, then the Bad Guys already know about it and could break in at any time.

AS A WEB SITE OPERATOR, I WILL produce a cleanup plan. I will write down who will need to do what if infected web pages are found so I can recover quickly from an attack.

And for regular computer users, Sophos advises starting the New Year with the following good intentions:

AS A RESPONSIBLE INTERNET USER, I WILL NOT wait to be told to comply with security-related regulations. I will be proactive, and make an effort to comply when first asked.

AS A RESPONSIBLE INTERNET USER, I WILL NOT slip into an attitude of testing the boundaries of the security software installed by IT. I will not treat everything that isn't explicitly blocked as implicitly allowed. I will allow the security software to assist my intellectual processes, not to replace them.

AS A RESPONSIBLE INTERNET USER, I will always remember that if an email or a website sounds too good to be true, then it IS too good to be true.