407 Percent Increase in Compromise of Legitimate Web Sites

Hundreds of thousands of legitimate sites outfitted with malicious scripts and iframes designed to deliver password stealers and backdoors.

In a Security Brief issued Thursday, ScanSafe reported that 68 percent of all Web-based malware it blocked on behalf of its corporate customers in May was found on legitimate sites, up more than 407 percent compared to May 2007.

The increase is the result of an unprecedented series of attacks that have outfitted hundreds of thousands of legitimate sites with malicious scripts and iframes designed to silently deliver password stealers and backdoors to visitors' computers.

"The compromise techniques being used now allow hackers to quickly 'colonize' thousands of legitimate sites, from big brand name sites like Wal-Mart, to smaller but equally legitimate sites," says Mary Landesman, senior security researcher at ScanSafe.

The Security Brief is based on a comparison of the Web-threat landscape in May 2007 -- six months before these large-scale attacks -- with data from May 2008. It is based on the more than 10 billion Web requests ScanSafe scans each month for its corporate customers in more than 60 countries.

Specifically, the company reported a 220 percent increase in the amount of Web-based malware -- viruses, Trojans, password stealers and other malicious code. The fastest-growing category of threats is backdoor and password-stealing malware, which increased 855 percent from May 2007 to May 2008, putting sensitive corporate data at serious risk of theft.

The Web was riddled with compromised sites in May 2008, largely as a result of ongoing SQL injection attacks that began in late October 2007, affecting hundreds of thousands of Web sites. In parallel, another highly prolific series of attacks has been carried out through the use of stolen FTP credentials. Among legitimate sites compromised in May 2008 were Nature.com, Foofighterslive.com, Thecareercompany.co.uk, Acer.co.th, Webster.edu and Photopass.com.

"Over the last year malware authors have moved away from direct attacks -- attacks in which they directly interact with victims, via social engineering for example -- to indirect attacks accomplished through compromised Web sites. These indirect attacks not only leverage stealthier techniques, like the insertion of an invisible iframe, but they leverage legitimate, name brand sites that Web surfers implicitly trust. The net result is that you absolutely cannot assume that because you are on a brand name or well-known site that it is a safe site. We've been saying this for some time but it bears repeating in light of this astronomical increase. Currently, thousands of legitimate sites are being compromised daily," says Landesman.