Quick Hits

Most Malware Now Comes From Legitimate Sites

Biggest danger is no longer purpose-built malicious sites, but legit sites that are unwittingly distributing dangerous code

The number of genuine Websites compromised by hackers is, for the first time, larger than the number of malicious Websites purposefully created by cyber criminals, according to a report by Websense Security Labs.

Fifty-one percent of the sites classified as "malicious" are now compromised Websites, rather than sites built specifically by attackers, the researchers said.

"These sites pose a significant risk, because many security companies rely on Web site reputation to protect customers," the report says. "Compromised sites have a good reputation... This raises the effectiveness of the attacks."

In its own 2008 security threat report, security vendor Sophos said this week that every day, 6,000 new Websites are infected with malware. Eighty-three percent of these are legitimate pages infected by hackers, Sophos said.

"It's the fault of the people who own the Websites," said a Sophos researcher. "They haven't secured their sites. The problem is that the owners might not be technical."

— Tim Wilson, Site Editor, Dark Reading

  • Sophos plc
  • Websense Inc. (Nasdaq: WBSN)
  • Editors' Choice
    Jai Vijayan, Contributing Writer, Dark Reading
    Kelly Jackson Higgins 2, Editor-in-Chief, Dark Reading