A recent report
indicates that trusted sites are actually a major source of Web infectionsï¿¼meaning that in too many cases server security has taken a back seat to expediency.The news concerns a 13-page report
from Websense Security Labs, a San Diego-based security software firm, which covered the state of Internet security in the first half of 2008. The upshot of the report was that 75 percent of Web sites offering malicious code were not hacker sites but legitimate sites whose servers had been compromised. The rate of legitimate sites offering infections was up nearly 50 percent compared to the previous six months.
The report claimed that 60 of the top 100 most popular Web sites had hosted malware or otherwise been involved in its transmission during the first half of 2008.
The biggest factor appears to be the new-wave highly interactive Web 2.0 sites, which allow users to upload all the data that their hearts desire. Some of this data will inevitably contain malware, or is actually crafted as an infection, and the host is not geared to check for such things.
The report also complained that Web servers are increasingly under attack from persistent cross-site scripting (XSS) and SQL injection attacks, as well as DNS cache poisoning.
Obviously, if the big sites are having so many problems, no one is safe. Anyone with a Web server must take security seriously.