Three Quarters of Malicious Web Sites Are Hacked
Three-quarters of all Web sites that try to foist malicious software on visitors are legitimate sites that have been hacked, a report released today found. Even worse, most of these compromised sites are social networking communities and some of the Internet's most popular destinations.
Those numbers come from stats (PDF) collected in the first six months of this year by Websense, an online security company that scans more than 40 million Web sites hourly for signs that they may have been compromised by hackers.
Websense found that 60 percent of the Top 100 most popular sites this year have either hosted malware or forwarded visitors to malicious sites. The company also says that nine out of 10 of those compromised sites were social networking or Web search sites.
"The majority of these attacks are using Web properties as repositories for malware, mainly because they let users upload content," said Dan Hubbard, the company's chief technology officer. Some of the most frequently targeted communities include AOL, Facebook, Geocities, Google's Blogspot and Google Pages, and Rapidshare, Hubbard said.
Most of the Web sites either hosted malicious content or silently redirected visitors from trusted pages to hostile sites. Hubbard said the redirect most favored by attackers is at DoubleClick, one of the Internet's largest online ad companies (see this post from earlier this month on the danger and pervasiveness of open redirects on the Internet).
Typically, the hacked sites are advertised through junk e-mail. According to Websense, nearly 30 percent of those links lead to sites that try to plant software which steals passwords and other sensitive data from victims. The remainder of the spam links attempt to install software that lets attackers control the systems from afar, and/or install additional software without the owner's knowledge.
The findings mirror other recent research. In May, Web site vulnerability scanning company ScanSafe found that 68 percent of Web-based malware was pushed out via compromised Web sites.
Bad guys are clearly going where the eyeballs are. But I think this snippet from the report aptly sums up the threat we're facing: "Websense has found that the content of a single Web page may be comprised from multiple locations including a variety of disparate sources. The danger is that users typically associate the content they are viewing from the URL in the address bar, not the actual content source. The URL is no longer an accurate representation of the source content from the Web page" (emphasis added).
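To see the gap the report describes between the address bar and the real content sources, here is an added example (not from Websense or the original post) that lists every host a page pulls scripts, frames, images and plug-in content from. The URL, the HTML and all host names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tags that pull content into a page, and the attribute naming its source.
SOURCE_ATTRS = {"script": "src", "iframe": "src", "frame": "src",
                "img": "src", "embed": "src", "object": "data"}

class SourceCollector(HTMLParser):
    """Collects (tag, absolute URL) for each embedded resource."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.sources = []

    def handle_starttag(self, tag, attrs):
        attr = SOURCE_ATTRS.get(tag)
        value = dict(attrs).get(attr) if attr else None
        if value:
            # Resolve relative and scheme-relative (//host/...) references.
            self.sources.append((tag, urljoin(self.page_url, value.strip())))

def content_hosts(page_url, html):
    """Map each host that supplies content to the tags that load from it."""
    collector = SourceCollector(page_url)
    collector.feed(html)
    hosts = {}
    for tag, url in collector.sources:
        hosts.setdefault(urlsplit(url).hostname or "", []).append(tag)
    return hosts

def foreign_hosts(page_url, html):
    """Hosts supplying content that differ from the address-bar host."""
    page_host = urlsplit(page_url).hostname
    return sorted(h for h in content_hosts(page_url, html) if h != page_host)

# Constructed sample: one page, four content sources.
SAMPLE_URL = "https://news.example/story.html"
SAMPLE_HTML = """
<html><head><script src="https://cdn.example.net/lib.js"></script></head>
<body>
<img src="images/photo.jpg">
<iframe src="//ads.example.org/banner?id=1" width="1" height="1"></iframe>
<script src="https://Widgets.Example.com/share.js"></script>
</body></html>
"""

if __name__ == "__main__":
    print("Address bar host:", urlsplit(SAMPLE_URL).hostname)
    for host, tags in sorted(content_hosts(SAMPLE_URL, SAMPLE_HTML).items()):
        print(f"  {host}: {', '.join(tags)}")
```

A host that appears in this list but not in the address bar is content the visitor never chose to trust; the static listing does not follow redirects or see sources added by scripts at run time.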
Browser add-ons like Site Advisor and Web of Trust (WOT) can help people searching the Web determine whether the sites they are searching for have a nasty reputation. But such services do little to aid in flagging legitimate sites that were recently hacked and seeded with malicious software.
The single most useful step a Windows user can take to be protected from threats at trusted Web sites is to run the operating system - or the Web browser - under a limited user account that does not have privileges to install software or modify key settings on the PC. This will not stop all attacks, but it will blunt the vast majority of them. If this is a foreign concept, please see my posts on running Windows under a limited user account and dropping the user rights of key Internet-facing programs.
July 29, 2008; 12:41 PM ET
Categories: Fraud, Latest Warnings, Safety Tips