For the first time, legitimate Web sites compromised by attackers made up the majority of sites used to spread malicious programs, security firm Websense said in a report published on Tuesday.
During the second half of 2007, the number of malicious compromised sites climbed to 51 percent, becoming a more popular way to spread code then sites created by attackers, Websense said in its research highlights. Mass Web site attacks aimed at creating online points of infection have become more common in the past year, including major incidents in March and November.
"These sites pose a significant risk because many security companies rely on Web site reputation to protect customers," the company stated in the report. "Compromised sites have a good reputation, plus the have a built-in group of visitors to the site."
In the past, massive attacks aimed at Web sites typically involved defacements by online vandals. Yet, as online crime increasingly becomes motivated by profit, defacements have given way to finding ways to insert
iframe redirection code or compromise a site to host malicious software. Earlier this month, for example, security firm Finjan warned that hackers had bypassed security on at least 10,000 legitimate domains to install the Random JS infection toolkit.
At least one other firm estimated that hacked legitimate sites surpassed maliciously-created Web sites some time ago. In its January Malicious Page of the Month report, Finjan stated that in the middle of 2007, legitimate sites made up 80 percent of all malicious sites.
In the latest study, 18 percent of the sites specifically created by online fraudsters appeared to have been created by software toolkits sold on the Internet, according to Websense. In addition, the company found that seven out of eight e-mail messages were spam, and two-thirds of those messages contained links to malicious sites.
If you have tips or insights on this topic, please contact SecurityFocus.
Posted by: Robert Lemos