Software // Information Management
News
7/2/2007
01:20 PM
Connect Directly
RSS
E-Mail
50%
50%

Nearly 30,000 Malicious Web Sites Appear Each Day

While researchers are simply getting better at finding the malicious sites, Sophos reports that hackers are increasingly turning to Web-borne malware -- in great numbers.

The number of malicious Web sites has skyrocketed over the past few months, going from 5,000 new ones a day in April to nearly 30,000 a day now.

"This certainly is a huge increase," said Carole Theriault, a senior security consultant with Sophos, in an e-mail to InformationWeek. "In June, we saw it climb to 9,500 a day and then this huge jump up 29,000."

Theriault said there is a two-pronged reason for the remarkable increase.

One reason is that hackers are increasingly turning away from e-mail as their preferred method of spreading malware and putting their focus on the malicious Web site. In some cases, they're creating their own malicious Web sites, but in most cases they're hacking into legitimate sites and embedding malware into them.

According to Sophos, researchers are finding 29,700 new infected Web pages every day, and 80% of them are legitimate sites that have been compromised.

The IFrame malware was a major Web site infector in June.

IFrame, which injects malicious HTML files onto Web pages, actually topped Sophos' chart for June's Top 10 Web Threats, accounting for nearly two-thirds of the world's infected Web pages. Earlier this month, hackers used the IFrame to attack multiple Italian Web sites. Sophos reported that more than 10,000 Web pages were infected in the attack, most of which were on compromised legitimate sites hosted in Italy. Victim Web sites included Italian city councils, employment services, and tourism sites. Most of the affected pages appear to be hosted by one of the largest ISPs in Italy, Sophos noted.

"The Italian IFrame attack should certainly act as a wake-up call to ISPs across the globe," said Theriault, senior security consultant at Sophos. "Malicious code dumped on these Web sites is just waiting to pounce on innocent surfers. Web sites should be as secure as Fort Knox, but at the moment, too many web pages are easy pickings for cybercriminals."

However, Theriault also noted that another reason the number of newly found malicious sites has jumped so dramatically is that researchers simply are getting better at finding them. With so many Web sites out there to scan, finding the malicious ones can be a daunting job. But the more researchers do it, they better they get at it.

Comment  | 
Print  | 
More Insights
The Agile Archive
The Agile Archive
When it comes to managing data, donít look at backup and archiving systems as burdens and cost centers. A well-designed archive can enhance data protection and restores, ease search and e-discovery efforts, and save money by intelligently moving data from expensive primary storage systems.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Must Reads Oct. 21, 2014
InformationWeek's new Must Reads is a compendium of our best recent coverage of digital strategy. Learn why you should learn to embrace DevOps, how to avoid roadblocks for digital projects, what the five steps to API management are, and more.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
A roundup of the top stories and trends on InformationWeek.com
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.