Malware on legitimate websites up 50 per cent

The security threat from legitimate websites infected with malware has doubled in the first six months of this year, according to the latest internet security threat report.

Some three-quarters of websites with malicious code are actually legitimate sites that have been compromised, a report assessing the latest trends in internet security threats has said.

This represents an almost 50 per cent increase over the previous six-month period, according to the Websense ThreatSeeker Network Research report on the first half of 2008.

Malware authors are increasingly targeting trusted websites to fool users into clicking on infected links or content. The report said 60 per cent of the top 100 most popular websites have either hosted or been involved in malicious activity in the first half of 2008.

Carl Leonard, Websense's European threat research manager, told IT PRO that increasingly organised criminal internet activity was "piggybacking off the reputation of popular, trusted sites".

SQL injection attacks were the favoured way of infecting sites, he said. "An iframe injected into website code could be used to redirect users to pages laden with malware," he said.

But Leonard added that attackers have been less likely to exploit zero-day flaws or vulnerabilities discovered in web software. Only 12 per cent of websites infected with malicious code were created using web malware exploitation kits, a decrease of 33 per cent since December 2007.

He told IT PRO this decrease may be attributed to attackers launching more customised attacks to avoid signature detection by security measures.

"This means it's key for IT professionals to remain vigilant and realise that looking at the URL is no longer enough to spot an attack," Leonard warned. "IT organisations should make sure they have security tools to monitor the content as well, in real time. And they should make sure they have a clear acceptable use policy in place, as the line between business and personal activity over the internet gets more blurred."

The same old threats still feature prominently: 87 per cent of email messages are spam, the same as in the second half of 2007. But 77 per cent of all emails in circulation contained links to spam sites or malicious websites, up 18 per cent over the previous six-month period.

Leonard said he had increasingly observed examples of malware authors hosting their code on social networking or free software sites and using email, blog and other user-generated content applications to send out what looked like trusted emails, with links to booby-trapped blogs or websites.

Although only nine per cent of spam messages were phishing attacks, this represented a 47 per cent increase over the last six months.

And on the data security front, Websense has found that 46 per cent of data-stealing attacks in the last six months were conducted through email or websites and 29 per cent of malicious web attacks included data-stealing code.
