BANGALORE, INDIA: Halloween spam, 'Obama beat McCain' spam, 'Will you be my Spamentine', and the recent Conflicker spam... the world of web was never short of malicious activities throughout. However, the nature of attacks are evolving for sure.

From computer to user-based
In an age where everything from bill payment to banking has gone mobile and are carried over the net, computer-based attacks are giving way for web-based attacks. In a web-based mode, attacks are launched against users who visit legitimate web sites that have been compromised by attackers in order to serve malicious content.

Thus attackers are on prowl for Internet users who are in abundant over the net, providing the formers an array of targets and means to carry out their activities.

Symantec's 'Global Internet Security Threat Report: Trends for 2008', says that in 2008 alone, there were 12,885 site-specific vulnerabilities identified and 63 per cent of those vulnerabilities documented.

The target of attack has evolved and so have the mode and the hands behind such attacks. Web-based threats have not only become widespread but also sophisticated. Unlike earlier, online underground economy today stands consolidated and matured such that they are able to rapidly adapt activities.

Slow and steady: From high to medium severity attacks
Eight of the top ten vulnerabilities exploited in 2008 were rated as medium severity ones. This shows that attackers are slowly imbibing a mode of lengthy and complicated step instead of single high-severity flaws.

While a single high-severity flaw can be exploited to fully compromise a user, attackers are now frequently stringing together multiple exploits for medium-severity vulnerabilities to achieve the same goal.

Symantec's report, released in April, notes that some of the common techniques used by attackers to compromise a website include exploiting a vulnerable web application running on the server (by attacking through improperly secured input fields), or exploiting some vulnerability present in the underlying host operating system.

Attackers can exploit these vulnerabilities in a website or underlying application to modify the pages served to users visiting the site. This can include directly serving malicious content from the site itself, or embedding a malicious iframe on pages that can redirect a user’s browser to another web server that is under the attacker’s control. In this way, the compromise of a single website can cause attacks to be launched against every visitor to that site.

The lengthy and complicated steps pursued to launch successful web-based attacks demonstrate the increasing complexity of methods used by attackers.