More than one million Web domains were infected with malicious code in the second quarter of 2010 – around one percent of all active Web domains, according to data released by Web security firm Dasient, Inc.
The number of infected domains was extrapolated from data gained through a sample scan of what Dasient describes as “millions of Web sites,” as well as from customer deployments. It suggests that compromises of Web sites are on the rise, as attackers look to push out malicious programs through so-called drive-by download attacks.
Web-based attacks have been one of the fastest growing areas of malicious activity in recent years, as more applications migrate to the Web and as users engage deeply with social networks like Facebook and Twitter. Flaws in key Web development platforms have also made it easier for malicious hackers to have their way with Web surfers. These include the recently disclosed vulnerabilities in Sun’s Java Web Start Framework and ASP.NET’s handling of encrypted cookies.
The .com domain continues to be popular among Web attackers. The .com domain and the .cn top-level domain for Chinese Web sites accounted for the lion’s share of top-level domains used by attackers in Q2, according to the Dasient report.
Structural vulnerabilities are a major cause of attack, said Neil Daswani, co-founder and Chief Technology Officer at Dasient. “You’ve got Web sites that rely on third party resources. When those are compromised, it can really accelerate the spread of malware,” he said.
Daswani noted the heavy reliance on third-party widgets as one area of concern. More than 75% of Web sites use widgets, including tools for traffic measurement or to deliver audio or video content through the site. Those widgets provide an avenue of attack – either directly, through the widget maker’s infrastructure, or indirectly, through DNS caching attacks against ISPs that redirect widget requests and traffic to a malicious Web site, Daswani said.
Third-party ad networks are also vulnerable to attack, a phenomenon Dasient refers to as “malvertising,” which can result in even legitimate Web domains being used to serve drive-by attacks, he said.
Companies need to invest in Web monitoring tools and also pay closer attention to updates and patches for third-party widgets and tools they’ve deployed, he said.
The complexity of modern Web sites and Web services poses problems for companies that want to secure their sites, as well as for those who are trying to investigate online crimes and other incidents. Researchers at the National Institute for Science and Technology (NIST) recently proposed the creation of a Forensic Web Services tool that could gather evidence on Web-based attacks and compromises.