From July until September, approximately 640,000 different websites — and a total of 5.8 million pages on those sites — were infected to distribute malware, Dasient found through studying data collected on its malware analysis platform.
Those numbers represent a noticeable spike compared to data published by Microsoft in April that found approximately three million web pages were infected with malware during the third quarter of 2008, Ameet Ranadive, co-founder of Dasient, told SCMagazineUS.com on Tuesday.
“The problem is large and growing substantially,” Ranadive said.
During August, for example, more than 56,000 sites were compromised via SQL injection to embed a malicious IFRAME that attempted to load a number of exploits onto a victim's PC, including backdoors, password stealers and downloaders, web security firm ScanSafe has reported.
Often, numerous pages on a single website are infected – making it hard for website administrators to locate all the malware and clean up the infection, Ranadive said. During the third quarter, newly infected sites with more than 10 pages had malware on an average of 19 percent of pages.
In addition, more than 39 percent of sites that were infected, but removed the malware, were re-infected during the same quarter, Ranadive said. Attackers use automated processes to target vulnerabilities on websites. So if the website vulnerability is not mitigated, re-infection could occur. Attackers also sometimes use stolen FTP credentials to infect sites, he said.
The threat posed by infected websites has received considerable attention from security firms over the past year. In July, researchers from security firm Sophos said that infected websites were the single biggest threat during the first half of the year. And in August, Symantec experts discovered that the most dangerous sites on the web are propagating an average of 18,000 different pieces of malware.