The Websense 2010 Threat Report reveals that the number of malicious websites has more than doubled since 2009, and nearly four out of every five websites infected with malicious code are legitimate sites that have been compromised.Some software platforms are subject to known vulnerabilities, and it's easy for the hackers to scan the Internet looking for those platforms and then try to exploit them.
European research directorWebsense, Inc.
In addition, spam has gone beyond being merely a nuisance to a serious threat, with 89.9% of unwanted messages containing links to spam sites and malicious websites.
"The Web is certainly a more dangerous place than it was just six, or even two, months ago," said Carl Leonard, European research director for San Diego, Calif-based Websense, Inc.
The report, released last week, also charts the rise of SEO poisoning, where criminals create websites that appear to relate to some widely searched subject -- and therefore have a good chance of appearing high up in a search engine's results page -- in order to lure users into infected websites.
While sex used to be the top theme of choice for cybercriminals, they now tend to favour breaking news, such as the death of a pop star or highly anticipated sporting events. As the report says: "What was particularly worrisome is that some breaking trends such as 'World Cup 2014' and 'ABS-CBN News' returned searches where more than 25% of the sites hosted malware."
Leonard blamed the wide availability of malware kits that can be bought on the Internet and allow even novice hackers to get involved in crime.
"Some software platforms are subject to known vulnerabilities, and it's easy for the hackers to scan the Internet looking for those platforms and then try to exploit them," Leonard said. "Any major platform will be targeted by malware authors, because it presents a huge attack area." A favourite target is WordPress, home to 13.9 million blogs, he said.
The threat report's key message for companies, he said, is that threats on the Internet are changing rapidly and security needs to be kept up to date to match threats. "Things have moved on. You can't rely on the security tools you bought two or three years ago to defend you.