Malicious sites


Legitimate Sites Fertile Ground for Malware

The Web is a dirty, hostile place not fit for use by most decent people, a place where even many seemingly legitimate sites are infested with malware, password-stealing Trojans and all manner of other nasty applications. And it’s getting worse by the minute, according to a new threat report from Websense.

IBM Finds Sharp Spike in Malware on Trusted Sites

The most trusted websites, such as search engines, mainstream news sites and some blogs, are increasingly at risk of hosting malicious links that pass malicious code to their visitors, according to the latest data collected by researchers with IBM’s X-Force security team.
The report [ibm.com] outlines a sharp increase in new malicious Web links and consistent attacks against Web applications that could undermine the security of some database servers.  Read the full story  [techtarget.com]


From The H Security
A vulnerability in WebKit can be exploited by an attacker to crash a tab or execute arbitrary code in Google Chrome due to a memory corruption issue in WebKit’s handling of recursion in certain DOM event handlers. For an attack to be successful, a victim must first visit a maliciously crafted website. The malicious code, however, will be sandboxed, limiting the damage that an attacker can do when exploiting the vulnerability. Nonetheless, Google considers the vulnerability to be a high risk. Read the full story [h-online.com]

Security researchers are starting to sound the alarm [avertlabs.com] for e-mail scams related to news stories on the Swine Flu.
According to a notice from US-CERT, the attacks arrive via an unsolicited email message typically containing a subject line related to the Swine Flu. These email messages may contain a link or an attachment. If users click on this link or open the attachment, they may be directed to a phishing website or exposed to malicious code. Read the full advisory [us-cert.gov] for protection advice.

From PC Advisor (Carrie-Ann Skinner)

More than 80 percent of websites that had been poisoned with malicious code between 2008 and 2009 were removed within 24 hours, says AVG.

The security vendor’s Web Threat Profile Report estimated that on any one day between 8 and 14 million web users are being exposed to social engineering scams, such hoax Facebook pages or rogue security apps that encourages surfers to download malicious software to their PC. Read the full story [cio.com]

By Vivian Yeo, ZDNet Asia

The threat from Web-based malware is growing at a rapid pace, with nearly 200 percent more malicious sites [zdnet.com] identified this month, according to a new report from MessageLabs.
Released Tuesday, the MessageLabs Intelligence Report revealed that 2, 797 new Web sites hosting malicious content including spyware, were blocked by the security vendor in March, a 200 percent jump over the previous month.
Read the full story [zdnet.com]

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.