Malware Web sites: now 30,000 a day

Summary:Security experts demand more vigilance by Web-hosts to curb the explosion in malware-infected Web sites, which are appearing at a rate of 30,000 per day, according to Sophos.

Security experts demand more vigilance by Web-hosts to curb the explosion in malware-infected Web sites, which are appearing at a rate of 30,000 per day, according to Sophos.

Over the past eight months Sophos has recorded a six-fold increase in the number of malware-hosting Web sites, increasing from 5,000 per day to over 30,000.

Only 20 percent of these sites are actually owned and operated by criminals, revealing the extent to which legitimate Web sites are being exploited.

Paul Ducklin, chief of technology at Sophos told ZDNet Australia the positive steps organisations have taken to secure their e-mail inboxes from online threats has pushed criminals to focus on drive-by attacks on popular Web sites.

There has been a drastic decrease in e-mails containing malicious content, down from one in 40 a few years ago to one in 400.

Cybercriminals have reached diminishing marginal returns on e-mail campaigns, Ducklin said, and have turned to a more effective means of harvesting information.

In mid-June for example, Trend Micro and Websense reported that 10,000 mainstream Italian Web sites had been hacked using the MPack infection tool kit, allegedly distributed online for between US$150 and US$1,000. The tool kit enabled malicious IFRAME tags on hacked but legitimate Web sites to redirect browsers to a page with malicious content.

"It's no surprise to see legitimate Web pages targeted for these attacks," said Carole Theriault, senior security consultant at Sophos. "Businesses generally aren't too strict about stopping their employees accessing these Web sites, while the sites themselves will already have their own daily flow of user traffic, saving hackers the trouble of trying to entice unenlightened Web surfers."

Adam Biviano, Trend Micro's Australian premium services manager agreed. "People are aware of e-mail borne threats, so the next low handing fruit is using the Web. But in either case, the user can still be at risk of a drive-by attack. All you have to do is browse that Web site and your machine may be infected."

Sophos' research shows that China, the US and Russia comprise 86 percent of the world's malware-hosting Web sites and the most popular methods to deliver malware were through iframes and obfuscated Javascript.

While Australia did not rank in the top 10 list for malware infected Web sites, Ducklin said he has recently discovered a state government department's Web site, which he refuses to name, that contained malicious content.

"The problem was that it wasn't on the site itself, but on the backend server that generated search content. When you did a search, the results contained malicious HTML. In this case it was not generated by the Web server, which appeared to have an infection," he said.

Topics: Security


Liam Tung is an Australian business technology journalist living a few too many Swedish miles north of Stockholm for his liking. He gained a bachelors degree in economics and arts (cultural studies) at Sydney's Macquarie University, but hacked (without Norse or malicious code for that matter) his way into a career as an enterprise tech, s... Full Bio

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.