Hackers 'seeding' legitimate websites

Malware authors have switched from direct to indirect attacks

Online fraudsters are increasingly 'seeding' legitimate websites with malicious code, ScanSafe has warned.

The firm's data revealed that 68 per cent of all web-based malware blocked on behalf of corporate customers in May was found on legitimate sites, up more than 400 per cent since May 2007.

"The techniques allow hackers to quickly 'colonise' thousands of legitimate sites, from big brand sites like Wal-Mart, to smaller but equally legitimate sites," said Mary Landesman, senior security researcher at ScanSafe.

The company reported a 220 per cent increase in the amount of web-based malware, including viruses, Trojans, password stealers and other malicious code, thanks largely to ongoing SQL injection attacks.

ScanSafe said that the fastest growing category of threats is backdoor and password-stealing malware, which increased 855 per cent from May 2007 to May 2008.

Other highly prolific attacks have been rendered through the use of stolen FTP credentials.

"Over the last year malware authors have moved away from attacks in which they directly interact with victims via social engineering, for example, to indirect attacks accomplished through compromised websites," explained Landesman.

This method is more insidious and harder to detect than direct attacks, and allows hackers to exploit the implicit trust of well known brands to lull users into a false sense of security.

"The net result is that you absolutely cannot assume that a brand name or well known site is a safe site," said Landesman.

"We have been saying this for some time but it bears repeating in light of this astronomical increase. Currently, thousands of legitimate sites are being compromised daily."