While researchers are simply getting better at finding the malicious sites, Sophos reports that hackers are increasingly turning to Web-borne malware -- in great numbers.
The number of malicious Web sites has skyrocketed over the past few months, going from 5,000 new ones a day in April to nearly 30,000 a day now.
"This certainly is a huge increase," said Carole Theriault, a senior security consultant with Sophos, in an e-mail to InformationWeek. "In June, we saw it climb to 9,500 a day and then this huge jump up 29,000."
Theriault said there is a two-pronged reason for the remarkable increase.
One reason is that hackers are increasingly turning away from e-mail as their preferred method of spreading malware and putting their focus on the malicious Web site. In some cases, they're creating their own malicious Web sites, but in most cases they're hacking into legitimate sites and embedding malware into them.
IFrame, which injects malicious HTML files onto Web pages, actually topped Sophos' chart for June's Top 10 Web Threats, accounting for nearly two-thirds of the world's infected Web pages. Earlier this month, hackers used the IFrame to attack multiple Italian Web sites. Sophos reported that more than 10,000 Web pages were infected in the attack, most of which were on compromised legitimate sites hosted in Italy. Victim Web sites included Italian city councils, employment services, and tourism sites. Most of the affected pages appear to be hosted by one of the largest ISPs in Italy, Sophos noted.
"The Italian IFrame attack should certainly act as a wake-up call to ISPs across the globe," said Theriault, senior security consultant at Sophos. "Malicious code dumped on these Web sites is just waiting to pounce on innocent surfers. Web sites should be as secure as Fort Knox, but at the moment, too many web pages are easy pickings for cybercriminals."
However, Theriault also noted that another reason the number of newly found malicious sites has jumped so dramatically is that researchers simply are getting better at finding them. With so many Web sites out there to scan, finding the malicious ones can be a daunting job. But the more researchers do it, they better they get at it.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
IT Strategies to Conquer the CloudChances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.