Analytics
12/3/2013
06:41 AM
Tim Wilson
Tim Wilson
Quick Hits
Connect Directly
RSS
E-Mail
50%
50%
Repost This

Study: 340,000 New Malicious Websites Detected In Past 30 Days

Creation of new malware, spam, and phishing sites growing at unprecedented rates, report says

A total of 343,927 new malicious websites have been detected in the past 30 days, according to a study published Monday.

The study, conducted by security vendor Commtouch, indicates that the number of websites created specifically for malicious purposes is growing at an unprecedented rate.

"The average of nearly 11,500 new threats every day increases the digital foothold of cybercriminals as well as the likelihood that victims will stray into dangerous territory," the study says. "The malware endangers businesses and end users with a wide range of threats, including password and identity theft, use of hacked PCs as bots for spam, denial of service attacks, and a growing favorite of cybercriminals - encrypting and then ransoming critical data."

Some 173,314 of the newly detected sites are malware sites, according to Commtouch. Spam sites accounted for 56,503 of the total, and phishing sites accounted for 114,110.

"Malware sites typically rely on exploit kits that seek out known vulnerabilities in the browser, operating system, or PDF reader software, among others, and then use these vulnerabilities to gain control of the visiting computer or smartphone," the study states. "The majority of phishing sites targeted PayPal users, but an increasing number aimed for the Google credentials of users, since these credentials open up an increasing range of linked Google services."

Have a comment on this story? Please click "Add a Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message. Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ... View Full Bio

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Latest Comment: LOL.
Current Issue
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-6212
Published: 2014-04-19
Unspecified vulnerability in HP Database and Middleware Automation 10.0, 10.01, 10.10, and 10.20 before 10.20.100 allows remote authenticated users to obtain sensitive information via unknown vectors.

CVE-2013-6213
Published: 2014-04-19
Unspecified vulnerability in Virtual User Generator in HP LoadRunner before 11.52 Patch 1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1833.

CVE-2013-6214
Published: 2014-04-19
Unspecified vulnerability in the Integration Service in HP Universal Configuration Management Database 9.05, 10.01, and 10.10 allows remote authenticated users to obtain sensitive information via unknown vectors, aka ZDI-CAN-2042.

CVE-2013-6215
Published: 2014-04-19
Unspecified vulnerability in the Integration Service in HP Universal Configuration Management Database 10.01 and 10.10 allows remote authenticated users to execute arbitrary code via unknown vectors, aka ZDI-CAN-1977.

CVE-2013-6218
Published: 2014-04-19
Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.0x, 9.1x, and 9.2x allows remote attackers to execute arbitrary code via unknown vectors.

Best of the Web