Global internet security company Websense has found an alarming 233% growth in the number of malicious websites in the last six months and a 671% growth during the last year, according to its latest biannual State of Internet report. Nearly 77% of websites with malicious code are legitimate sites that have been compromised. This remains unchanged from the last six months. Approximately 61% of the top 100 sites either hosted malicious content or contained a masked redirect to lure unsuspecting victims from legitimate sites to malicious sites. Nearly 95% of user-generated comments to blogs, chat rooms and message boards are spam or malicious.
According to the report, 50% of web pages linked to websites categorised as "sex" also served malicious content. As many as 69% of web pages having objectionable content (e.g. sex, adult content, gambling, drugs) had at least one malicious link. At least 78% of new web pages discovered in H1 2009 with any objectionable content had at least one malicious link.
On the email security side, it was found that 87.7% of messages were spam. This represents a 3% increase over the last six months. At least 85.6% of all unwanted emails in circulation during this period contained links to spam sites and/or malicious websites. Shopping remained the leading topic of spam (28%), followed closely by cosmetics (18.4%), medical (11.9%) and education (9.5%). Education-themed spam has nearly doubled over the previous period and may be related to the recession, as spammers seek to exploit people looking to gain new skills or obtain fake qualifications to help their job prospects.
On the data security side, 37% of malicious web/HTTP attacks included data-stealing code. This remains unchanged from the last six-month period. Nearly 57% of data-stealing attacks are conducted over the web. This number has stayed consistent over the six-month period.
Blended threats continued to dominate the security landscape in the first half of 2009 with 85.6% of all unwanted emails in circulation during this period containing links to spam sites and/or malicious websites. These threats have continued in the past year and further illustrate that web security intelligence is a critical component of email and data security.
Web 2.0 sites (sites that allow user-generated content) comprise many of the most visited sites on the Internet. The very aspects of Web 2.0 sites that have made them so revolutionary (the dynamic nature of content on the sites, the ability for anyone to easily create and post content and the trust that users have for others in their online networks) are the same characteristics that radically raise the potential for abuse.
Web 2.0 sites are increasingly being used to carry out a wide range of attacks. In January, hackers targeted Twitter users in a bid to steal account information. The hackers exploited the trust that Twitter users place in their network of friends and followers by using the direct message function to send phishing lures to followers.
According to the report, efforts to self-police these Web 2.0 properties have also been largely ineffective. Websense research during the period showed that community-driven security tools (asking users to report inappropriate content) on sites like YouTube and BlogSpot are 65% to 75% ineffective in protecting web users from objectionable content and security risks. Even the trusted social networking site Facebook was not immune to web-based threats, with the Koobface attack and other rogue applications created to steal Facebook users' login credentials.
Websense Security Labs research also discovered that more than 2,00,000 phony copycat sites have been created, all including the terms Facebook, MySpace or Twitter in their URLs. These sites are created by fraudsters seeking to take advantage of the huge number of users of social networking sites.