Web-based malware up 400 per cent

The amount of web-based malware on legitimate sites has increased by more than 400 per cent since last year, according to security vendor ScanSafe.

In a security report entitled A comparative look at the state of web security, May 2007-May 2008, released on Thursday, ScanSafe found 68 per cent of all internet-based malware was now being hosted on legitimate sites.

Security A to Z

From antivirus to zero-day, click here for silicon.com's alphabetical guide to security.

Mary Landesman, senior security researcher at ScanSafe, said: "The compromise techniques being used now allow hackers to quickly 'colonise' thousands of legitimate sites, from big brand-name sites, to smaller but equally legitimate sites."

Techniques to compromise websites, including Iframe and SQL injection attacks, are becoming more ubiquitous, ScanSafe warned.

The fastest-growing category of threats hosted on the sites was backdoor and password-stealing malware, which increased 855 per cent from May 2007 to May 2008. There was also a 220 per cent increase in the amount of Trojans, viruses, password stealers and other malicious code being hosted on the web, according to ScanSafe.

Landesman said: "Over the last year malware authors have moved away from direct attacks - attacks in which they directly interact with victims, via social engineering for example - to indirect attacks accomplished through compromised websites."

Original article: Web-based malware on legit sites soars from ZDNet UK