Online fraudsters are increasingly 'seeding' legitimate websites with
malicious code, ScanSafe has warned.
The firm's data revealed that 68 per cent of all web-based malware blocked on
behalf of corporate customers in May was found on legitimate sites, up more than
400 per cent since May 2007.
"The techniques allow hackers to quickly 'colonise' thousands of legitimate
sites, from big brand sites like Wal-Mart, to smaller but equally legitimate
sites," said Mary Landesman, senior security researcher at ScanSafe.
The company reported a 220 per cent increase in the amount of web-based
malware, including viruses, Trojans, password stealers and other malicious code,
thanks largely to ongoing SQL injection attacks.
ScanSafe said that the fastest growing category of threats is backdoor and
password-stealing malware, which increased 855 per cent from May 2007 to May
2008.
Other highly prolific attacks have been carried out using stolen
FTP credentials.
"Over the last year malware authors have moved away from attacks in which
they directly interact with victims via social engineering, for example, to
indirect attacks accomplished through compromised websites," explained
Landesman.
This method is more insidious and harder to detect than direct attacks, and
allows hackers to exploit the implicit trust placed in well-known brands to lull
users into a false sense of security.
"The net result is that you absolutely cannot assume that a brand name or
well known site is a safe site," said Landesman.
"We have been saying this for some time but it bears repeating in light of
this astronomical increase. Currently, thousands of legitimate sites are being
compromised daily."