« Cisco Releases Wireless ARP Storm Patch | Main | MySpace Boots 29,000 Registered Sex Offenders. Now If Only I Knew What That Meant. »
July 25, 2007
Sophos Report: Apache Users to Get Comeuppance
Sophos put out a security report for the first half of 2007 today. Two assertions are worth relaying:
"The first half of 2007 has seen an explosion in threats spread via the web, which has now taken over from email as the preferred vector of attack for financially motivated cybercriminals."
"The fact that more than half of all infected web pages were hosted on Apache servers demonstrates that infection is not simply a Windows problem. Earlier this year, during a global ObfJS attack, in which legitimate sites were compromised so that they could serve up a malicious code, 98 percent of affected servers were running Apache - many of which were hosted on UNIX rather than Windows platforms."
The whole report is available for free with registration from Sophos' press release.
Regarding the first assertion, I don't feel like I have much reason to doubt it and it doesn't draw any particular scrutiny.
Regarding the second, it gets muddier. I don't understand what some of the numbers or terms Sophos is using mean, so I wrote Sophos' U.S. press contact and asked a few questions that boil down to this nutshellized version of the mail I sent:
"What do you define as a 'web threat?' From the report, it could mean that 51 percent of Web-based security incidents recorded involved an Apache server, or it could mean that 51 percent of recorded instances of servers being compromised due to server-specific exploits occurred on Apache servers."
Until I know all that, it's hard to comment on the report's pointed focus on Apache-on-non-Windows as a unique security problem. I'll post again when I get a response and understand what the report's saying a little better.
Posted by mhall at 2:39 PM | Add Comment
Leave a comment