Beware free web services, warns Websense

Cyber criminals are increasingly using blog sites and other free online services to spread malicious code, Websense has warned.

In the first two weeks of July, the security company's labs saw more than 500 incidents of such attacks, Websense said on Monday. The free services are being abused to install software designed to steal personal information or hijack a victim's PC.

Dan Hubbard, the senior director of security and technology research at Websense, said in a statement: "July has seen a major boom - in the first two weeks alone, we found more instances than in May and June combined."

For the year until mid-July, the San Diego company found a total of 2,500 incidents.

The free services are an anonymous and affordable way for attackers to store and spread their malicious code. In April, Websense reported that blogging services were being targeted by cyber criminals. The company is now warning that other services which offer free web space - for example, photo album sites, fan sites or greeting card sites - are also being exploited.

The attackers typically lure people to the malicious sites by sending enticing emails and instant messages. When a victim clicks on a link, the computer becomes infected. In one case, a greeting card was displayed and a tune played in the background while spyware was being installed on the compromised PC, Websense said.

Automatic tools can be used to create some of the malicious web pages, Websense said. Typically, the fraudulent sites are only online for up to four days, which makes them harder to detect, it added.

Websense sells software that protects organisations' networks by blocking access to known malicious websites. The company scans millions of sites every day for malicious code. It is advising people to be careful when following web links and to run up-to-date antivirus software for protection.

Joris Evers writes for CNET News.com