The amount of maliciously infected sites increased by 233 per cent in the last six months

News by SC Staff

Over three quarters of websites with malicious code were legitimate sites that had been compromised this year.

Over three quarters of websites with malicious code were legitimate sites that had been compromised this year.

According to the Websense Security Labs report, state of internet security for the first two quarters of 2009, most threats to information security are leading to the web, either using the internet as the attack vector, or simply the route through which stolen, confidential data is transmitted.

It identified a 233 per cent growth in the number of malicious sites in the last six months, and a 671 per cent growth over the last year. It claimed that the high percentage was maintained over the past six months in part due to widespread attacks including Gumblar, Beladen and Nine Ball which aimed at compromising trusted web properties with massive injection campaigns.

Meanwhile, it claimed that Web 2.0 sites that allow user-generated content are a top target for cybercriminals and spammers, as Security Labs identified that 95 per cent of user-generated comments to blogs, chat rooms and message boards are spam or malicious content.

The report claimed that efforts to self-police Web 2.0 properties have been largely ineffective. Websense research shows that community-driven security tools used on sites such as YouTube and BlogSpot are 65 to 75 per cent ineffective in protecting web users from objectionable content and security risks.

Websense CTO Dan Hubbard, and author of the report, said: “The last six months have shown that malicious hackers and fraudsters go where the people are on the web - and have heightened their attacks on popular Web 2.0 sites and continued to compromise established, trusted websites in the hope of infecting unsuspecting users.

“From malicious Twitter spam campaigns and blog comment spam to the massive injection attacks, those perpetrating fraud are exploiting the inherent trust users have of known web properties and other users.”


Find this article useful?

Get more great articles like this in your inbox every lunchtime

Upcoming event 

Webcast: Understanding this year's biggest adversaries - and how to combat them 

Nation-state activity, versatile, slippery strategies and Big Game Hunting - the threats are real, dangerous and ever changing. 
Brought to you in partnership with Crowdstrike