博文
via 读写网Security as a Service from the (security-as-a-service) company Dasient's latest report shows that the second quarter in the past, they were found more than 1.3 million websites linked to malicious software that nearly doubled over last year . In addition, malicious attacks tend to occur on weekends, JavaScript attack is on the rise, ASP Web has increasingly become a target of attack....
来自安全即服务(security-as-a-service)公司Dasient的最新报告显示,在过去的第二季度里,他们共发现超过130万个网站挂有恶意软件,比去年同期几乎翻了一番。此外,恶意攻击往往发生在周末,JavaScript攻击正在兴起,ASP网页越来越成为攻击对象。
Dasient quick to point out attacks in the ASP page, the association does not imply causation. But the company proposed to increase the intensity of the concern of ASP pages.
Malicious JavaScript code injection increased 19%, while 11% fell into iFRAME.Dasient think this is because JavaScript can give hackers more access to the resource browser: DOM elements, page reference information, and cookie and so on.
Dasient reminded adware often appears in the weekend, because when the company IT staff often not been able to deal with emergency virus.
Dasient also gives the website was hacked three ways:
Third-party pendant: 75% Use an external JavaScript pendant. Third-party ads: 42% of the web site for external advertising. Third-party programs: 91% Web site contains outdated procedures.
Dasient很快指出,在ASP网页攻击中,关联并不意味着因果关系。但该公司建议加大对ASP网页的关注力度。
JavaScript恶意代码注入增长了19%,而iFRAME注入下降了11%。Dasient认为这是由于JavaScript可以给黑客提供更多浏览器访问资源:DOM元素,网页参考信息,以及cookie等。
Dasient提醒恶意广告通常出现在周末,因为这时公司IT人员往往无法及时处理突发病毒。
Dasient还给出了网站被黑的三大途径:
第三方挂件:75%网站使用外部JavaScript挂件。第三方广告:42%网站展示外部广告。第三方程序:91%网站含有过期的网络程序。
译者;谷歌翻译 作者; 阑夕
(本文转载自新浪博客;http://blog.sina.com.cn/s/blog_5d098bcc0100lccn.html?tj=1)
没有评论:
发表评论