It’s not been a great year for Web security, so far. First we learn that HackerSafe isn't so hacker safe, after all. Then we find out that hackers have found a way to automatically redirect most home routers to wherever they wish. And now it seems that so-called legitimate Web sites may not be so "legitimate" (or at least safe) after all.

It's apparently so easy to infect existing Web sites that there’s decreasing need for criminals to set up shill sites. At least that's the takeaway from a recent report published by security vendor Websense, which attempts to examine security trends for the second half of last year.

In fact, 51% of Web sites infected with malicious code are actually legitimate, but compromised, Web sites. This is actually a stark increase from the 30% or so of infected legitimate sites the company reported for the first half of 2007.

So this means that miscreants -- because the Web site security and development practices of conventional businesses are negligent -- don't even have to go through the trouble of developing and hosting a Web site, or even the bother of deluging everyone with spam designed to lure folks to a Web site trap.

No, all they have to do is find a trusted site that's already vulnerable. And that, unfortunately, seems all too easy.