Dasient, a startup whose co-founders include two former Google engineers, found 5.8 million individual Web pages infected across 640,000 compromised Websites. That represents a major increase from Microsoft's report in April of some 3 million infected pages, according to Dasient, which runs a behavioral-based service to diagnose infected Websites.
Ameet Ranadive, one of Dasient's co-founders and a former strategy consultant at McKinsey, says his company also detected more than 52,000 unique types of Web malware in the quarter. "Hackers are starting to see success here with Web-based attacks, so they are investing more in them," he says. "Websites are becoming more complex, and you have more Websites matching content, sourcing, and [banner] ads...creating opportunities to inject malicious content."
Among newly compromised Websites of 10 pages or more, nearly 20 percent of their pages were infected. The bad guys have been infecting more pages as a way to score more victims. "The more parts of a site that have been infected, the more difficult and challenging that it is to remediate and detect it," Ranadive says.
Reinfection of Websites is becoming a big problem, too: Of all the sites infected during the quarter, 39.6 percent were reinfected again during that period. That may be in part due to increasingly more complex and obfuscated malware that's hard to kill. "If a site is not [fully] clean...they are not only at risk, but at risk multiple times," Ranadive says.
Dasient also announced today it will open up its Web malware infection library via its Website and will list the top 10 Web-based malware threats each week, as well as other attack trends. Dasient has gathered data on more than 70,000 different Web-based malware infections since it first launched a few months ago.
Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.