Legitimate Sites Carry Increasing Portion Of MalwareLegitimate Sites Carry Increasing Portion Of Malware
Seventy percent of the Web's top 100 sites hosted malicious content in second half of 2008, Websense lab study says
January 22, 2009
If you're wondering where most malware comes from, check the "favorites" list in your Web browser.
According to Websense Security Labs' newly published "State of Internet Security" report for the second half of 2008, 77 percent of Websites that carry malicious code are legitimate sites that have been compromised. This figure rose by almost 3 percent over the first six months of the year. The number of sites carrying malicious code grew by 46 percent over the course of 2008, Websense says.
Seventy percent of the top 100 sites on the Web -- most of them social networking or search engine sites -- either hosted malicious content or contained a masked redirect to lure unsuspecting victims from legitimate sites to malicious sites, according to the report. This figure represents a 16 percent increase over the first six months of 2008, Websense says.
"The most prevalent trend was the continued use of Web 2.0 content to exploit weaknesses within the Web infrastructure to attract the greatest number of victims," the report states. "Search engines and social networking sites were the biggest targets over the last six months, as hackers continued to get creative and leverage user-created content to compromise sites with good reputations."
And the Web is becoming attackers' favorite vehicle for launch, the report states. In the second half of 2008, 57 percent of data-stealing attacks were conducted over the Web -- an increase of 24 percent over the first half.
About the Author(s)
Tricks to Boost Your Threat Hunting GameNov 06, 2023
Hacking Your Digital Identity: How Cybercriminals Can and Will Get Around Your Authentication MethodsOct 26, 2023
Modern Supply Chain Security: Integrated, Interconnected, and Context-DrivenNov 06, 2023
How to Combat the Latest Cloud Security ThreatsNov 06, 2023
Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and PhishingNov 01, 2023
Passwords Are Passe: Next Gen Authentication Addresses Today's Threats
How to Deploy Zero Trust for Remote Workforce Security
What Ransomware Groups Look for in Enterprise Victims
Concerns Mount Over Ransomware, Zero-Day Bugs, and AI-Enabled Malware
Securing the Remote Worker: How to Mitigate Off-Site Cyberattacks