A malware report released by security firm Websense revealed that the number of sites hosting malicious code increased 46% in 2008, 77% of them legitimate sites that had been compromised (typically through ‘SQL injections’ launched by a botnet).
The problem appears to be at epidemic levels, given the number of large and well-resourced sites affected. The Websense study found 70% of the top 100 websites were either playing host to malicious content or contained links redirecting users to malicious sites.
Web 2.0 sites populated with user-generated content were particularly susceptible to the latter, with sites like Blogspot, YouTube and Facebook among the top 50 most active distributors of malware. Such tactics appear to be working so well that email-based phishing attacks actually declined 33% in the last six months as cyber-criminals turned their focus to website-based attacks.
Intriguingly,