Web 2.0 sites that allow user-generated content make up the majority of top distributors of malicious software, stated a report that security firm Websense published this week.
The report, which covers Internet security trends for the first half of 2009, found that a stunning 95 percent of user-generated comments to blogs, chat rooms and message boards are either spam or contain links to malicious programs. In all, the number of malicious sites detected by Websense more than tripled in the last six months, growing almost eight-fold in the last year. The report also found that more than three-quarters of the Web sites hosting some malicious code are legitimate sites that have been compromised.
"The very aspects of Web 2.0 sites that have made them so revolutionary -- the dynamic nature of the content on the the sites, the ability for anyone to easily create and post content, and the trust that users have for others in their online networks -- are the same characteristics that radically raise the potential for abuse," the company stated in the report.
The report echoed a recent survey by researchers from TippingPoint and Qualys, who found that legitimate Web sites are failing to patch significant vulnerabilities, leaving themselves open to compromise.
The Websense report found that 61 of the Top 100 Web sites "either hosted malicious content or contained a masked redirect to lure unsuspecting victims from legitimate sites to malicious content."
If you have tips or insights on this topic, please contact SecurityFocus.
Posted by: Robert Lemos