Malware Web sites: now 30,000 a day


Security experts demand more vigilance by Web-hosts to curb the explosion in malware-infected Web sites, which are appearing at a rate of 30,000 per day, according to Sophos.

Over the past eight months, Sophos has recorded a six-fold increase in the number of malware-hosting Web sites, rising from 5,000 per day to over 30,000.

Only 20 percent of these sites are actually owned and operated by criminals, revealing the extent to which legitimate Web sites are being exploited.

Paul Ducklin, chief of technology at Sophos, told ZDNet Australia that the positive steps organisations have taken to secure their e-mail inboxes from online threats have pushed criminals to focus on drive-by attacks on popular Web sites.

There has been a drastic decrease in e-mails containing malicious content, down from one in 40 a few years ago to one in 400.

Cybercriminals have reached diminishing marginal returns on e-mail campaigns, Ducklin said, and have turned to a more effective means of harvesting information.

In mid-June, for example, Trend Micro and Websense reported that 10,000 mainstream Italian Web sites had been hacked using the MPack infection tool kit, allegedly distributed online for between US$150 and US$1,000. The tool kit enabled malicious IFRAME tags on hacked but legitimate Web sites to redirect browsers to a page with malicious content.

"It's no surprise to see legitimate Web pages targeted for these attacks," said Carole Theriault, senior security consultant at Sophos. "Businesses generally aren't too strict about stopping their employees accessing these Web sites, while the sites themselves will already have their own daily flow of user traffic, saving hackers the trouble of trying to entice unenlightened Web surfers."

Adam Biviano, Trend Micro's Australian premium services manager, agreed. "People are aware of e-mail borne threats, so the next low-hanging fruit is using the Web. But in either case, the user can still be at risk of a drive-by attack. All you have to do is browse that Web site and your machine may be infected."

Sophos' research shows that China, the US and Russia account for 86 percent of the world's malware-hosting Web sites, and that the most popular methods of delivering malware were iframes and obfuscated JavaScript.

While Australia did not rank in the top 10 list for malware-infected Web sites, Ducklin said he recently discovered malicious content on the Web site of a state government department, which he refuses to name.

"The problem was that it wasn't on the site itself, but on the backend server that generated search content. When you did a search, the results contained malicious HTML. In this case it was not generated by the Web server, which appeared to have an infection," he said.


Liam Tung

About Liam Tung

Liam Tung is an Australian business technology journalist living a few too many Swedish miles north of Stockholm for his liking. He gained a bachelor's degree in economics and arts (cultural studies) at Sydney's Macquarie University, but hacked (without Norse or malicious code for that matter) his way into a career as an enterprise tech, security and telecommunications journalist with ZDNet Australia. These days Liam is a full-time freelance technology journalist who writes for several publications.


    It's always the same.

    When are they going to get sued for foisting third-rate garbage on the public?

    If we simply banned all Microsoft products then this problem would largely go away.
  • Errr

    Tracking daily security reports, it would seem Microsoft is the most proactive in security protection and has the least threats compared to other non-Microsoft-specific vendors? This has been more evident since the release of Windows 2003 SP1. I see mostly daily, a threat to Sun Java, OpenSSL, IBM Lotus Notes, Apple Mac OS X, Joomla. I work for a Bank...therefore this is a neutral response. Considering we have every major flavour of OS known to man. Microsoft is so far the winner in server deployments considering security and cost.
  • err........

    If you work for a bank you would know that MS is rarely used on the front line, or for very few critical applications - this is mostly UNIX space. MS has probably the worst record of any software manufacturer in the world for security. Also, MS have single-handedly destroyed any confidence the world has in IT and emerging technologies because of poorly designed, insecure and unreliable products. Thank goodness someone is making quality software, thank goodness MS still is not.