From July until September, approximately 640,000 different websites — and a total of 5.8 million pages on those sites — were infected to distribute malware, Dasient found through studying data collected on its malware analysis platform.
Those numbers represent a noticeable spike compared to data published by Microsoft in April that found approximately three million web pages were infected with malware during the third quarter of 2008, Ameet Ranadive, co-founder of Dasient, told SCMagazineUS.com on Tuesday.
“The problem is large and growing substantially,” Ranadive said.
In addition, more than 39 percent of sites that were infected, but removed the malware, were re-infected during the same quarter, Ranadive said. Attackers use automated processes to target vulnerabilities on websites. So if the website vulnerability is not mitigated, re-infection could occur. Attackers also sometimes use stolen FTP credentials to infect sites, he said.
The threat posed by infected websites has received considerable attention from security firms over the past year. In July, researchers from security firm Sophos said that infected websites were the single biggest threat during the first half of the year. And in August, Symantec experts discovered that the most dangerous sites on the web are propagating an average of 18,000 different pieces of malware.