Websense chief technology officer, Dan Hubbard, said: “The last six months have shown that malicious hackers and fraudsters go where the people are on the web – and have heightened their attacks on popular web 2.0 sites and continued to compromise established, trusted websites, in the hope of infecting unsuspecting users. From malicious Twitter spam campaigns and blog comment spam to the massive injection attacks, those perpetrating fraud are exploiting the inherent trust users have of known web properties and other users.”
Almost one in five (77%) of the websites with malicious code are legitimate websites that have been compromised, Websense said, and 61% of the top 100 websites either hosted malicious content or contained a masked redirect to lure unsuspecting victims from legitimate to malicious websites.
User-generated comments to blogs, chat rooms and message boards turned out to be 95% spam or malicious content.
Half of the web pages linked to websites categorised as ‘sex’ also served malicious content, Websense said, and 69% of all web pages with any objectionable content, such as ‘sex’, ‘adult content’, ‘gambling’ or ‘drugs’, also had at least one malicious link. 78% of new web pages discovered in the first six months of 2009 with any objectionable content also had at least one malicious link.
When it came to emails, Websense found that 87.7% of all email was spam – up 3% over the last six months. 85.6% of all unwanted emails in circulation contained links to spam sites and/or malicious websites.
Shopping remained the leading spam topic with 28%. Cosmetics represented 18.4%, medical 11.9%, and education 9.5% of spam. Websense said education spam has nearly doubled – perhaps because of the recession, as spammers seek to exploit people hoping to gain new skills or obtain fake qualifications to help their job prospects.
Looking at data security, the Websense report said 37% of malicious web and/or HTTP attacks included data-stealing code, and that 57% of data-stealing attacks are conducted over the web.
“The exposure of confidential information is now the single greatest threat to enterprise security”, Websense added.
Web 2.0
Websense said web 2.0 sites and applications are increasingly used to carry out attacks, and that efforts to self-police these sites have been “largely ineffective”. Community-driven security tools on sites like YouTube and BlogSpot are 65-75% ineffective in protecting users from objectionable content and security risks.
More than 200 000 phoney copycat websites have also been created, all of which included the terms Facebook, MySpace or Twitter in their URLs. Facebook alone has seen over 150 000 known copycat websites with fake URLs.
Websense also said it is “seeing that the increasing popularity of social networking and web 2.0 sites has helped fuel another trend that also could be described as ‘hateful’ in spirit.”
Researchers at Websense Security Labs said they have seen a substantial increase in the occurrence of hate or militant content residing on Facebook and other popular web 2.0 sites such as YouTube, Yahoo! Groups and Google Groups.
Websense has recorded a 326% increase in cyberterrorism (militancy and extremist websites) over the same period in 2008, and the company is now tracking around 15 000 of these hate and militancy sites, with 1000 added in just the last six months.
This is happening at the same time as more and more organisations are using web 2.0 for business purposes, with 95% of organisations allowing access to some types of web 2.0 sites or applications, and 62% of IT managers believing that web 2.0 is necessary to their business.