Iframe, which works by injecting malicious code onto Web pages, has again topped the chart, accounting for nearly two thirds of the world's infected Web pages. Earlier this month, an Iframe attack on multiple Italian Web sites occurred, making headlines around the world. More than 10,000 Web pages were infected, most of which were on legitimate but compromised Web sites hosted in Italy. Victim Web sites included Italian city councils, employment services and tourism sites. Most of the affected pages appear to be hosted by one of the largest ISPs in Italy.
"The Italian Iframe attack should certainly act as a wake-up call to ISPs across the globe," said Carole Theriault, senior security consultant at Sophos. "Malicious code dumped on these Web sites is just waiting to pounce on innocent surfers. Web sites should be as secure as Fort Knox, but at the moment, too many Web pages are easy pickings for cybercriminals."
While China retains its position at the top of the Top Ten List of countries hosting malware-infected Web pages in June, Italy is a new entry and this is largely due to the Iframe attack. ObfJS, which was the second most prevalent Web-based threat this month, also contributed to Italy's status in the top ten, following a potent attack on a popular, legitimate Web page early in June.
"The fact that China is responsible for such a hefty proportion of the world's infected Web pages, should not make other countries rest on their laurels," continued Theriault. "Italy's rise into the top ten highlights the need for countries around the world to educate ISPs and Web site administrators to ensure they are properly secured against Web threats."
Interestingly, Iframe's appearance in the e-mail-based chart demonstrates that it is not limited to only infecting via the Web. Hackers can embed the malware into e-mails using HTML to exploit users.
