As the Web has become vital for day-to-day transactions, it has also become an attractive avenue for cybercrime. Financially motivated, the crime we see on the Web today is quite different from the more traditional network attacks. A few years ago Internet attackers relied heavily on remotely exploiting servers identified by scanning the Internet for vulnerable network services. Autonomously spreading computer worms such as Code Red and SQLSlammer were examples of such scanning attacks. Their huge scale put even the Internet at large at risk; for example, SQLSlammer generated traffic sufficient to melt down backbones.

As a result, academia and industry alike developed effective ways to fortify the network perimeter against such attacks. Unfortunately, the attackers similarly changed tactics, moving away from noisy scanning and concentrating more on stealthy attacks.

Not only did they change their tactics, but also their motivation. Previously, large-scale events such as network worms were mostly exhibitions of technical superiority.

Today, cybercriminals are primarily motivated by economic incentives not only to exploit and seize control of compromised systems for as long as possible, but also to turn their assets into revenue.

The Web offers cybercriminals a powerful infrastructure to compromise computer systems and monetize the resulting computing resources, as well as any information that can be stolen from them. Cybercriminals use the Web to serve malicious content capable of compromising users’ computers and running arbitrary code on them. This has been made possible largely by the increased complexity of Web browsers and the resulting vulnerabilities that come with complex software. For example, a modern Web browser provides a powerful computing platform with access to different scripting languages (such as JavaScript), as well as external plug-ins (such as Flash or Java) that may not follow the same security policies applied by the browser.

While these capabilities permit sophisticated Web
applications, they also allow people to collect informa-
tion about the target system and deliver exploits specifi-

2.0

When the Cloud Turns Dark

Web-based malware attacks are
more insidious than ever.
What can be done to stem the tide?