Rise of the ‘legit’ malware sites

About 75 percent of all Web sites serving up malicious code are legitimate sites that have been hacked/compromised, according to a new report from WebSense.

This number validates statistics from ScanSafe showing a dramatic rise in ‘good’ sites being used as a conduit for drive-by malware downloads and other social engineering attacks.


Even more worrisome, the WebSense report (pdf) says that 60 percent of the top 100 most popular Web sites have either hosted or been involved in malicious activity in the first half of 2008.

Some additional highlights:

  • 12 percent of Web sites infected with malicious code were created using Web malware exploitation kits, a decrease of 33 percent since December 2007. Websense researchers believe this decrease may be attributed to attackers launching more customized attacks to avoid signature detection by security measures.
  • 29 percent of malicious Web attacks included data-stealing code.
  • 46 percent of data-stealing attacks are conducted over the Web.
  • 87 percent of email messages are spam. This percentage remains the same as the second half of 2007.
  • 76.5 percent of all emails in circulation contained links to spam sites and/or malicious Web sites. This represents an 18 percent increase over the previous six-month period.
  • 85 percent of unwanted (spam or malicious) emails contain a link.
  • Pornography-related spam decreased by more than 70 percent and is no longer the most popular topic for spam. Shopping (20 percent), cosmetics (19 percent), and medical (11 percent) represent the majority of today’s spam.
  • 9 percent of spam messages are phishing attacks, representing a 47 percent increase over the last six months.

WebSense also provided confirmation of what we’ve been reporting here on Zero Day:

Top 10 Web Attack Vectors in 1st Half of 2008:

  1. Browser vulnerabilities.
  2. Adobe Flash vulnerabilities.
  3. ActiveX vulnerabilities.
  4. SQL injection.
  5. Adobe Acrobat Reader vulnerabilities.
  6. Content management system (CMS) vulnerabilities.
  7. Apple QuickTime vulnerabilities.
  8. Malicious Web 2.0 components (Facebook applications, third-party widgets/gadgets, banner ads, etc.).
  9. RealPlayer vulnerabilities.
  10. DNS cache poisoning.

See additional reporting by Brian Krebs at the Washington Post, Matt Hines at eWEEK and this Techmeme discussion.

[Source: zdnet]