Malware chooses blogs over e-mail

With the Web as the most popular means of malware infection, more malicious content is finding itself on social networking sites and blogs, says Sophos.

More malware is hopping onto the Web 2.0 boat as the choice transportation, overtaking e-mail.

According to IT security company Sophos, the number one malware Web host is, a site which provides a template and hosting space for users to create their own blogs for free.

Hackers have used the site to set up malicious blogs, and also used their accounts to add comments containing dangerous Web links on other innocent blogs, detailed Sophos in its latest security threat report.

And yet accounts for just 2 percent of all the malware hosted on the Web.

Other social networking sites such as Facebook and LinkedIn have not been immune to such threats. The Web is the preferred mode of attack for "financially motivated cybercriminals", noted the report, and amongst the social networking sites, LinkedIn affects more business users as a result of its enterprise audience.

Compromised LinkedIn accounts give cybercriminals a way to execute spear-phishing attacks on "new and unsuspecting" employees by way of corporate directories accessible through such vulnerable accounts, said Sophos.

Thousands of enterprise Web sites and government agencies have also been compromised, putting visitors at risk of infection and identity theft.

Graham Cluley, Sophos senior technology consultant, said in the report: "Businesses need to bite the bullet and take better care of securing their computers, networks and Web sites. They are not only risking having their networks broken into, but are also putting their customers in peril by passing on infections."

Office workers, too, need to be more vigilant when visiting Web sites so as not to be a cybercriminal's entry point into their organizations.

"All organizations should ensure employees are fully educated about the dangers of posting too much information on these sites, and of accepting unsolicited friend requests," said the report.

Sophos explained that over 90 percent of infected sites spreading spyware are legitimate sites, but hacked through SQL injection attacks, which insert malicious code into the database running a Web site.

With hackers gaining access into backend databases, users who visit vulnerable sites--especially banking sites--risk having sensitive information stolen, too.

According to Sophos, the first half of this year saw an "explosion" in threats spread over the Web, with 16,173 malicious Web pages seen everyday--or one every five seconds--three times faster than last year's rate of infection.

But attacks via e-mail have gone down this year. Malicious attachments were found in one out of every 2,500 e-mail messages this year, compared to one in 332 last year, according to the report.