Most web malware on legitimate websites, says Scansafe

More than two thirds of web-based...

More than two thirds of web-based malware is now found on legitimate web sites, according to a report by security supplier Scansafe, an increase of 407% compared with May 2007.

Mary Landesman, senior security researcher at Scansafe, said hackers had moved away from direct attacks like social engineering to focus on indirect attacks that use trusted brand names.

"You absolutely cannot assume that because you are well known site that it is safe. Currently, thousands of legitimate web sites are being compromised daily," Mary Landesman said.

The report said there had also been a 220% increase in the different kinds of web-based malware in the past year.

Authentication-bypass and password stealing malware grew the fastest with an 855% increase, which put sensitive corporate data at serious risk, said Scansafe.

Since October last year there have been hundreds of thousands of mainly China-based attacks, in which hackers passed malicious code to visitors on legitimate websites.

Visitors' computers are infected when they are redirected to malicious servers using a code injection method based on the database query language SQL.

In the latest round of SQL-injection attacks this week, Wal-Mart's website was compromised by exploiting a weakness in Adobe's Flash Player software.

Hackers targeted several UK sites, including those of the Royal Statistical Society, National Media Museum, Skills for Care, and a number of businesses.

Landesman said the attacks were interesting because a much larger number malicious networks and servers were used than in the past.

"Looks like either the attacker has changed tactics, or we've a copycat on our hands," Landesman said in her blog.

Read more on IT risk management