Websites Often Reinfected After Malware Attacks

By Brian Prince  |  Posted 2009-10-27 Print this article Print

Ever reinjure an old wound? New research from Dasient suggests that may happen on the Web more than you think.

In a report on Web security during the third quarter of 2009, the company found that Websites that had been compromised had a reinfection rate of 39.6 percent. Though the company did not point to any one factor for this, researchers believe it could be the combination of the number of attack vectors and the failure of administrators to address the actual vulnerabilities being exploited.

"What we do know is that there are many ways for Web-based malware to get onto Websites, including compromised FTP credentials, Web application vulnerabilities, and sourcing in third-party content (like mashups) or advertisements," a Dasient spokesperson said. "Since the attackers are running automated scripts to inject malware onto Websites, it is likely that Webmasters whose sites were re-infected cleaned up the original infection but (one) did not change FTP passwords and/or remove a keylogger from the admin PC, (two) did not address underlying Web application vulnerabilities, or (three) continues to source in content/ads from third-parties, and is therefore still at risk for getting re-infected."

In some ways, this relates back to a report from SANS Institute that analyzed data from 15,000 organizations and found unpatched applications are plaguing many enterprises. Taken together, the reports underscore the importance of making sure that any security holes are truly plugged, as opposed to just removing infections from systems or sites once they have been compromised.

According to Dasient - whose findings are based on data from its malware-analysis platform - most Web-based malware attacks fall into two categories: JavaScript attacks (54.8 percent) and iFrame attacks (37.1 percent).

The bad news doesn't end there. During the third quarter of 2009, the company estimates that more than 640,000 sites and roughly 5.8 million Web pages were infected.

"There are two forces at play here: One, attackers are seeing success with Web-based malware attacks," the Dasient spokesperson said. "Whenever they see success with an attack vector, they will continue to invest more. And two, modern Websites themselves are becoming more complex and dynamic, and are increasingly sourcing in content from other places (including Websites and even users directly)."

"Mashups, online advertising, and user-generated content have become standards that support rich user experiences, as well as the business models of many Websites," the spokesperson continued. "However, this dynamic functionality also results in more opportunities for attackers to inject malicious code onto Websites." |

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel