Malware on legitimate websites up 50 per cent

Some three-quarters of websites with malicious code are actually legitimate sites that have been compromised, a report assessing the latest trends in internet security threats has said.

This represents an almost 50 per cent increase over the previous six-month period, according to the Websense ThreatSeeker Network Research report on the first half of 2008.

Malware authors are increasingly targeting trusted websites to fool users into clicking on infected links or content, where the report said 60 per cent of the top 100 most popular websites have either hosted or been involved in malicious activity in the first half of 2008.

Carl Leonard, Websense's European threat research manager, told IT PRO that increasingly organised criminal internet activity was "piggybacking off the reputation of popular, trusted sites".

SQL injection attacks were the favoured way of infecting sites, he said. "An iframe injected into website code could be used to redirect users to pages laden with malware," he said.

But Leonard added attackers have been less likely to exploit zero-day flaws or vulnerabilities discovered in web software. Only 12 per cent of websites infected with malicious code were created using web malware exploitation kits, a decrease of 33 per cent since December 2007.

He told IT PRO this decrease may be attributed to attackers launching more customised attacks to avoid signature detection by security measures.

"This means it's key for IT professionals to remain vigilant and realise that looking at the URL is no longer enough to spot an attack," Leonard warned. "IT organisations should make sure they have security tools to monitor the content as well, in real time. And they should make sure they have a clear acceptable use policy in place, as the line between business and personal activity over the internet gets more blurred."

The same old threats still feature prominently, where 87 per cent of email messages are spam. But this was the same as the second half of 2007. But 77 per cent of all emails in circulation contained links to spam sites or malicious websites, up 18 per cent over the previous six-month period.

Leonard said he had increasingly observed examples of malware authors hosting their code on social networking or free software sites and using email, blog and other user-generated content applications to send out what looked like trusted emails, with links to booby-trapped blogs or websites.

Although only nine per cent of spam messages were phishing attacks, this represented a 47 per cent increase over the last six months.

And on the data security front, Websense has found that 46 per cent of data-stealing attacks in the last six months were conducted through email or websites and 29 per cent of malicious web attacks included data-stealing code.

Miya Knights

A 25-year veteran enterprise technology expert, Miya Knights applies her deep understanding of technology gained through her journalism career to both her role as a consultant and as director at Retail Technology Magazine, which she helped shape over the past 17 years. Miya was educated at Oxford University, earning a master’s degree in English.

Her role as a journalist has seen her write for many of the leading technology publishers in the UK such as ITPro, TechWeekEurope, CIO UK, Computer Weekly, and also a number of national newspapers including The Times, Independent, and Financial Times.