Most Malware Now Comes From Legitimate Sites

Biggest danger is no longer purpose-built malicious sites, but legit sites that are unwittingly distributing dangerous code

Dark Reading Staff, Dark Reading

January 23, 2008

1 Min Read

The number of genuine Websites compromised by hackers is, for the first time, larger than the number of malicious Websites purposefully created by cyber criminals, according to a report by Websense Security Labs.

Fifty-one percent of the sites classified as "malicious" are now compromised Websites, rather than sites built specifically by attackers, the researchers said.

"These sites pose a significant risk, because many security companies rely on Web site reputation to protect customers," the report says. "Compromised sites have a good reputation... This raises the effectiveness of the attacks."

In its own 2008 security threat report, security vendor Sophos said this week that every day, 6,000 new Websites are infected with malware. Eighty-three percent of these are legitimate pages infected by hackers, Sophos said.

"It's the fault of the people who own the Websites," said a Sophos researcher. "They haven't secured their sites. The problem is that the owners might not be technical."

— Tim Wilson, Site Editor, Dark Reading

Read more about:


About the Author(s)

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights