A new report from Websense highlights both the growth of malicious sites as well as widespread SEO abuse by attackers.
A look back at 2010 by researchers at Websense revealed that a mix of better
tactics and black
hat search engine optimization
(SEO) laid the foundation for a dramatic
jump in malicious sites for the year.
In the "Websense 2010 Threat Report," researchers had mostly bad
news for users-the number
of malicious sites
increased 111.4 percent between 2009 and 2010. Nearly 80
percent of all malicious sites are compromised legitimate Websites, a statistic
Websense Senior Manager of Security Research Patrik Runald called "a huge
"Attacks by numbers work very well for the bad guys, so as they
continuously improve the way they work, combined with attacks on some very
large hosting companies ... [that means] that the total number of [malicious]
sites goes up substantially," he said.
Search engine optimization by attackers has not helped the situation.
According to Websense, Web users searching for breaking news have a 22.4
percent chance of being lured to a malicious site-more than those searching for
adult content, who have a 21.8 percent chance.
"The earthquakes in Haiti and Chile, Corey Haim's death, and the World
Cup of Soccer were just a few examples of cleverly manipulated search engine
results steering people to bogus links that rated higher than legitimate
to the report
. "Similar to what we found in 2009, the botnets behind
these campaigns are being repurposed once the illegitimate campaign has been
removed from the search engine results.
"Many of the 2010 SEO attacks were blended in nature, with a second
component consisting of Rogue AV," the report continued. "Both
approaches used bogus AV campaigns offering free health scans that identified
fake infections. Upon notification of a fake virus, users were prompted to
download a free 'antivirus' software where a second scan asked them for their
credit card information to remove the fake malware."
Researchers said they expect to see more black hat SEO combined with rogue
antivirus and e-mail containing data-stealing components in the coming 12
months. For 2010, shopping remains the leading topic of spam, compromising 12
percent. Pump-and-dump spam is next at 10 percent.
According to the report, the United States
was the No. 1 country hosting crimeware and phishing sites in 2010.
"Stable servers and good Internet connections are two reasons,"
Runald said. "While it is easy to think that a lot of the stolen data is
sent to servers in Eastern European or Asian countries, the fact is that the
attackers need stable systems just like the rest of us. And the U.S.
is definitely up there in terms of stability, so it's logical that it's one of
the most popular hosting countries. That doesn't mean, of course, that the
attackers are based in the U.S."