Report: More Than 1 Million Web Sites Serving Malware in Q2

Web anti malware firm Dasient has published data claiming that more than 1 million Web sites were compromised in the second quarter, 2010 – a sharp increase. 

Web anti malware firm Dasient has published data claiming that more than 1 million Web sites were compromised in the second quarter, 2010 – a sharp increase. 

More than one million Web domains were infected with malicious code in the second quarter of 2010 – around one percent of all active Web domains, according to data released by Web security firm Dasient, Inc. 

The number of infected domains was extrapolated from data gained through a sample scan of what Dasient describes as “millions of Web sites,” as well as from customer deployments. It suggests that compromises of Web sites are on the rise, as attackers look to push out malicious programs through so-called drive by download attacks.

Web based attacks have been one of the fastest growing areas of malicious activity in recent years, as more applications migrate to the Web and as users engage deeply with social networks like Facebook and Twitter. Flaws in key Web development platforms have also made it easier for malicious hackers to have their way with Web surfers. These include the recently disclosed vulnerabilities in Sun’s Java Web Start Framework and ASP.NET’s handling of encrypted cookies.  

The .com domain continues to be popular among Web attackers. The .com and  the .cn top level domain for Chinese Web sites accounted for the lion’s share of top level domains used by attackers in Q2, according to the Dasient report. 

Structural vulnerabilities are a major cause of attack, said Neil Daswani, co-founder and Chief Technology Officer at Daswani. “You’ve got Web sites that rely on third party resources. When those compromised, it can really accelerate the spread of malware,” he said.

Daswani noted the heavy reliance on third party widgets as one area of concern. More than 75% of Web sites use widgets, including tools for traffic measurement or to deliver audio or video content through the site. Those widgets provide an avenue of attack – either directly, through the widget maker’s infrastructure, or indirectly, through DNS caching attacks against ISPs that redirect widget requests and traffic to a malicious Web site, Daswani said. 

Third party ad networks are also vulnerable to attack, a phenomenon Dasient refers to as “malvertising,” which can result in even legitimate Web domains being used to serve drive by attacks, he said. 

Companies need to invest in Web monitoring tools and also pay closer attention to updates and patches for third party widgets and tools they’ve deployed, he said. 

The complexity of modern Web sites and Web services poses problems for companies that want to secure their site, as well as for those who are trying to investigate online crimes and other incidents. Researchers at the National Institute for Science and Technology (NIST) recently proposed the creation of Forensic Web Services tool that could gather evidence on Web based attacks and compromises.

Suggested articles

Discussion

  • Anonymous on

    Is there a reason you're not linking to the report?
  • Anonymous on

    Is it possible to check if a website is infected with an on line service? Then you can stay away from it...

  • Anonymous on

    web of trust

  • Anonymous on

    running http://www.admuncher.com/ will prevent these infected sites from causing any problem on the user's end.

     

  • Anonymous on

    How do we know that this site in not infected?  Oh God!  Everything is going black....

  • Anonymous on

    malwarebytes works well it is free-hippo downloads or download at callnerds in their blog section

  • Jeff in Singapore on

    Breathless Sensationalism at its Finest!!!!

    I'm always amused by reports such as this that

    1. don't link to the original report;
    2. don't describe a trustworthy methodology for the 'survey';
    3. use the word "extrapolated", particularly in relation to the earlier points;
    4. mix customer and non-customer data in a way seemingly designed as a sales pitch.
    Seems to me that the word "Report" in the headline should be replaced by "Advertisement."

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.