RSS Alerts

Related Links

Related Stories

  • Search for security
    With more than 30 000 web pages being infected every day, search engine results could increasingly lead to malware infection. Kari Larsen asks what the search engines are doing to mitigate security threats, and how users can protect themselves.
  • Cybercriminals adopt business strategies
    Online criminals are using state of the art business strategies to commit cybercrimes, says network equipment maker Cisco.
  • Websense report exposes hacker attacks on popular websites
    Data security vendor, Websense, has released a report detailing their findings on internet security over the last 6 months.
  • BitDefender malware survey shows web 2.0 a rising threat
    IT security vendor BitDefender's end-of-year report on the state of the malware marketplace claims to show an increase in e-threats that are linked to international events, as well as a rising popularity in web 2.0-linked attack vectors.
  • Kaspersky Lab predicts file-sharing threats to rise in 2010
    In its year-end forecast of security threats for the coming year, Kaspersky Lab is predicting a shift of emphasis from attacks via websites and applications software attacks over towards file-sharing networks in 2010.

News

Number of malicious websites up 233% in H1 2009

17 September 2009

The Websense Security Labs report on the state of internet security for the first half of 2009, has found that the number of malicious websites has increased 233% over the last six months, and 671% over the last year.

Websense chief technology officer, Dan Hubbard, said: “The last six months have shown that malicious hackers and fraudsters go where the people are on the web – and have heightened their attacks on popular web 2.0 sites and continued to compromise established, trusted websites, in the hope of infecting unsuspecting users. From malicious Twitter spam campaigns and blog comment spam to the massive injection attacks, those perpetrating fraud are exploiting the inherent trust users have of known web properties and other users.”

Almost one in five (77%) of the websites with malicious code are legitimate websites that have been compromised, Websense said, and 61% of the top 100 websites either hosted malicious content or contained a masked redirect to lure unsuspecting victims from legitimate to malicious websites.

User-generated comments to blogs, chat rooms and message boards turned out to be 95% spam or malicious content.

Half of the web pages linked to websites categorised as ‘sex’ also served malicious content, Websense said, and 69% of all web pages with any objectionable content, such as ‘sex’, ‘adult content’, ‘gambling’ or ‘drugs’, also had at least one malicious link. 78% of new web pages discovered in the first six months of 2009 with any objectionable content also had a least one malicious link.

When it came to emails, Websense found that 87.7% of all email was spam – up 3% over the last six months. 85.6% of all unwanted emails in circulation contained links to spam sites and/or malicious websites.

Shopping remained the leading spam topic with 28%. Comsetics represented 18.4%, medical 11.9%, and education 9.5% of spam. Websense said education spam has nearly doubled – perhaps because of the recession as spammers seek to exploit people looking hoping to gain new skills or obtain fake qualifications to help their job prospects.

Looking at data security, the Websense report said 37% of malicious web and/or http attacks included data-stealing code, and that 57% of data-stealing attacks are conducted over the web.

“The exposure of confidential information is now the single greatest threat to enterprise security”, Websense added.

Web 2.0

Websense said web 2.0 sites and applications are increasingly used to carry out attacks, and that efforts to self-police these sites have been “largely ineffective”. Community-drive security tools on sites like YouTube and BlogSpot are 65-75% ineffective in protecting users from objectionable content and security risks.

More than 200 000 phoney copycat websites have also been created, all of which included the terms Facebook, MySpace or Twitter in their URLs. Facebook alone has seen over 150 000 known copycat websites with fake URLs.

Websense also said it is “seeing that the increasing popularity of social networking and web 2.0 sites has helped fuel another trend that also could be described as ‘hateful’ in spirit.”

Researchers at Websense Security Labs said they have seen a substantial increase in the occurrence of hate or militant content residing on Facebook and other popular web 2.0 sites such as YouTube, Yahoo! Groups and Google Groups.

Websense has recorded a 326% increase in cyberterrorism (militancy and extremist websites) over the same period in 2008, and the company is now tracking around 15 000 of these hate and militancy sites, with 1000 added in just the last six months.

This is happening at the same time as more and more organisations are using web 2.0 for business purposes with 95% of organisation allowing access to some types of web 2.0 sites or applications, and 62% of IT managers believing that web 2.0 is necessary to their business.

 

This article is featured in:
Internet and Network Security Malware and Hardware Security

 

Comment on this article

You must be registered and logged in to leave a comment about this article.

Copyright © 2010
Elsevier Ltd. All rights reserved.
Terms & Conditions | Privacy | Website Design Working with water