Websense: More Hacked Sites than Ever

By Matthew Hines  |  Posted 2008-07-30 Print this article Print

Another research report has been issued that finds continued growth in the use of hacked Web sites among cyber-criminals and other electronic scammers looking to infect users online.

According to the Websense State of Internet Security report (PDF) covering the first half of 2008 -- based on the company's ongoing monitoring of the Web and of its customers' environments -- compromised URLs continue to advance as the most popular means of online malware delivery.

During the first six months of 2008, over 75 percent of the sites Websense observed distributing malware were legitimate URLs that had been somehow subverted by attackers, a 50 percent increase over the last six months of 2007.

The number of hacked sites also by far outnumbered the volume of malware-spewing pages tracked by Websense that appear to have been set up specifically to deliver attacks, the company said.

And it's not just mom-and-pop sites that are being hacked anymore, as Websense contends that a whopping 60 percent of the Web's most popular sites were either subverted or indirectly involved with some form of malicious activity over the past six months.

Of the 100 most popular sites, the areas of those properties that are being used most frequently to assail users are the sites' Web 2.0 social networking features, including blogs, message boards and the multimedia file-sharing systems. More than 45 percent of the sites support user-driven content.

It does appear that the use of malware tool kits to launch online attacks has slowed, with Websense reporting that some 12 percent of the sites it saw infected with malicious code were created using Web malware exploitation kits, a decrease of 33 percent since December 2007.

Websense researchers said the decrease may be related to attackers launching more customized threats to avoid traditional signature-based detection techniques.

"Each area of the Webscape has its own unique security challenges, but the top 100 Web properties that encompass the largest amount of visitors is a growing target of attackers," Websense experts said in the report. "Research shows that attackers continue to focus their attention on the Web 2.0 elements of the evolving Webscape, meaning that adaptive content classification and dynamic content scanning is now required to protect businesses and their information."

I bet you can guess what types of security technologies Websense offers.

Overall, 29 percent of the malicious Web attacks that the company has unearthed thus far in 2008 included data-stealing code, and 46 percent of data-stealing attacks were conducted online.

Some additional fun facts from the report:

-Of the 46.37 percent of all malware that connects via the Web:

--57.3 percent of malware connects to United States of America --6.19 percent of malware connects to China --5.5 percent of malware connects to Canada --4.27 percent of malware connects to Russia --4.11 percent of malware connects to Brazil --22.63 percent of malware connects to other countries

-The top 10 Web attack vectors during the first half of 2008 were:

1. Browser vulnerabilities 2. Adobe Flash vulnerabilities 3. ActiveX vulnerabilities 4. SQL injection 5. Adobe Acrobat Reader vulnerabilities 6. Content management systems vulnerabilities 7. Apple QuickTime vulnerabilities 8. Malicious Web 2.0 components

9. RealPlayer vulnerabilities 10. DNS cache poisoning

- The convergence of Web and e-mail threats -- or "blended threats" -- continues to increase. Websense reported that more than 76.5 percent of all e-mail in circulation during 2008 so far contained links to spam sites or malicious Web sites. This represents an 18 percent increase since December 2007.

"Hackers will continue to get creative and leverage user-created content and Web 2.0 applications to create even bigger security concerns for organizations," the Websense report authors said. "Researchers expect attackers to see a rise in special interest attacks -- targeting specific groups of people based on interests and profiles. With an increase in spam and 'talk back' sections of new sites, new active media, Web modules, scripting and social networks, organizations will need to ensure their Web, messaging and data security programs are adequate to plug the holes and curb the new avenues hackers exploit to spread malicious code for financial gain."

Matt Hines has been following the IT industry for over a decade as a reporter and blogger, and has been specifically focused on the security space since 2003, including a previous stint writing for eWEEK and contributing to the Security Watch blog. Hines is currently employed as marketing communications manager at Core Security Technologies, a Boston-based maker of security testing software. The views expressed herein do not necessarily represent the views of Core Security, and neither the company, nor its products and services will be actively discussed in the blog. Please send news, research or tips to SecurityWatchBlog@gmail.com.

del.icio.us | digg.com

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel