“Most users think the malicious sites are all in China and Russia and they are not the websites they are visiting every single day,” Stephan Chenette, manager of security research at Websense, told SCMagazineUS.com on Wednesday.
Websense today released its "State of Internet Security," which covers the last half of 2008.
The study shows that cybercriminals are not just luring users to sites they've specially created to carry out their exploits, they are compromising legitimate ones as well. And, the majority of the most popular, legitimate sites on the web have been compromised, the report states.
Of the top 100 most popular sites on the web, 70 percent are either hosting malicious content or contain a hidden redirect -- a figure that increased by 16 percent over the first half of 2008. The number of legitimate websites compromised with malicious content exceeds the amount of sites specifically created by cybercriminals specifically to carry out their exploits, the report states.
“With their large user base, good reputations and support of Web 2.0 applications, these [legitimate] sites provide malicious code authors with abundant opportunity,” the report states.
The top 100 sites that get the most traffic on the web predominantly fall into two categories -- search engines or social networking sites. The latter aims to attract users by offering free accounts, but not just legitimate users are signing up.
“Last year we saw attackers creating accounts on an automated basis so they can create as many as possible,” Chenette said.
Forty-five percent of the 100 most popular sites on the web allow user-generated content, a feature of Web 2.0 that opens up multiple avenues of opportunity for an attacker, Chenette said. Cybercriminals can post malicious links or multimedia files or send malicious emails to users. Sites that allow user-generated content are the most active distributors of malicious content, the report said.
Overall, the number of malicious websites -- both compromised legitimate sites and specially crafted exploit sites -- increased by 46 percent in the second half of 2008, an all-time high.
“That's a huge increase,” Chenette said. “We saw an enormous amount of change in the amount of malicious webpages.”
In early January, a phishing campaign on the social networking site Twitter caused thousands of users to potentially have their accounts hijacked and passwords taken. Also recently, the Koobface worm has been rampant on Facebook, infecting users though spammed messages that seem to be coming from friends. After following the link contained in the email, users were redirected to a compromised host.