Browser Attacks Elevate Threats To New Level

But another genre of attacks is gaining popularity among virus writers these days,attacks that take a different form but wreak the same kind of havoc on a corporate network. These latter threats are known as browser-based attacks, and they spread when users visit Web pages containing malicious code intended to sabotage computers or compromise privacy.

According to a study released earlier this month by the CompTIA, they are on the rise. A survey of nearly 900 organizations found that 36.8 percent were plagued by one or more browser-based attacks in the last six months. John Venator, president and CEO of CompTIA, said this figure represents a 25 percent increase from the results of an identical survey last year.

"The explosion of dynamic, Web [attacks] is exposing organizations' IT systems to new security threats," he said.

A handful of solution providers in the security space said they have redoubled their efforts to help customers fight malicious attacks. It's a good thing, too,resellers reported that many of their customers aren't aware that these threats even exist.

Steve Finnestead, accounts manager at Engineering Computer Consultants, Fort Collins, Colo., said that while many of his customers have been struck by browser-based attacks, most don't know it.

"We've found that a much smaller percentage of customers know that the browser-based attacks are even out there," Finnestead said. "When you start to talk to customers about it, they say, 'I already have antivirus protection.' They just don't get it."

Finnestead's company participates in the channel program of SurfControl, Scotts Valley, Calif. The vendor's Web Filter product allows customers to scan certain kinds of Web content for executable viruses as the content streams across the corporate firewall into the enterprise network.

Similar functionality is available from more mainstream vendors, too. On the perimeter, newer Layer 7 firewalls such as Deep Inspection from NetScreen Technologies, Sunnyvale, Calif., and Application Intelligence from Check Point Software Technologies, Redwood City, Calif., are aimed at reducing the risk of browser-based attacks. Resellers reported that customers also turn to products such as Cisco Security Agent from Cisco Systems, San Jose, Calif., to reduce the effect of zero-hour browser-based attacks.

Steve Goldsby, CEO of Network Armor, a division of Integrated Computer Solutions, Montgomery, Ala., said that most of his customers have 10 to 15 times more virus traffic than they suspect. ASIC-powered FortiGate firewall appliances from Sunnyvale, Calif.-based Fortinet are among his best sellers.

"We have found that nearly 30 percent to 80 percent of [customer] LAN traffic is viruses, worms, Trojans and other malware," he said. "From a reseller standpoint, [the FortiGate devices] give us a great opportunity to present the customer with a solution to prevent the ingress and egress of threats at the gateway."

Still other resellers touted different firewall products as worthwhile defenses against browser-based attacks. Monty Holloway, vice president of sales at Software Medium, Dallas, said his choice for preventing browser-based attacks is the Webshield appliance from the McAfee division of Network Associates, Santa Clara, Calif.

Webshield provides customers with protection of a variety of Internet protocols including SMTP, HTTP, FTP and POP3, making it nearly impossible for any sort of malware to get through the corporate gateway undetected, he said.

"It's hard for malicious code to hide when you're scanning every single protocol where browser-based threats hide," he said. "Much of these [browser-based attacks] are under the radar, but if you can convince customers to get a new radar, you're changing the game completely."