NEWS
The amount of web-based malware on legitimate sites has increased by more than 400 per cent since last year, according to security vendor ScanSafe.
In a security report entitled A comparative look at the state of web security, May 2007-May 2008, released on Thursday, ScanSafe found 68 per cent of all internet-based malware was now being hosted on legitimate sites.
Security A to Z
From antivirus to zero-day, click here for silicon.com's alphabetical guide to security. 
Mary Landesman, senior security researcher at ScanSafe, said: "The compromise techniques being used now allow hackers to quickly 'colonise' thousands of legitimate sites, from big brand-name sites, to smaller but equally legitimate sites."
Techniques to compromise websites, including Iframe and SQL injection attacks, are becoming more ubiquitous, ScanSafe warned.
The fastest-growing category of threats hosted on the sites was backdoor and password-stealing malware, which increased 855 per cent from May 2007 to May 2008. There was also a 220 per cent increase in the amount of Trojans, viruses, password stealers and other malicious code being hosted on the web, according to ScanSafe.
Landesman said: "Over the last year malware authors have moved away from direct attacks - attacks in which they directly interact with victims, via social engineering for example - to indirect attacks accomplished through compromised websites."
Comments
There is 1 comment. Join the discussion
1. Joe Whitehead
What about images and sounds that use exploits in the render's engine, in order to implement buffer overflows? What are the odds that many people haven't updated their browsers since they first installed Windows?