Malware

New data shows website hacks continue to grow unabated

More than two million more web pages were infected with malware during the third quarter of 2009 compared to the same quarter last year, according to data gathered by web anti-malware vendor Dasient.

From July until September, approximately 640,000 different websites — and a total of 5.8 million pages on those sites — were infected to distribute malware, Dasient found through studying data collected on its malware analysis platform.

Those numbers represent a noticeable spike compared to data published by Microsoft in April that found approximately three million web pages were infected with malware during the third quarter of 2008, Ameet Ranadive, co-founder of Dasient, told SCMagazineUS.com on Tuesday.

“The problem is large and growing substantially,” Ranadive said.

Attackers have found that delivering malware through infected web pages is a successful tactic and have ramped up their efforts as a result, Ranadive said. Legitimate sites infected with malware could potentially be placed on blacklists, lose traffic and revenue, and suffer brand and reputation damage.

Of the sites compromised during the third quarter of this year, 54 percent were infected with malicious JavaScript code and 37 percent were infected with a malicious IFRAME, Neil Daswani, co-founder of Dasient, told SCMagazineUS.com on Tuesday.

During August, for example, more than 56,000 sites were compromised via SQL injection to embed a malicious IFRAME that attempted to load a number of exploits onto a victim's PC, including backdoors, password stealers and downloaders, web security firm ScanSafe has reported.

Often, numerous pages on a single website are infected – making it hard for website administrators to locate all the malware and clean up the infection, Ranadive said. During the third quarter, newly infected sites with more than 10 pages had malware on an average of 19 percent of pages.

In addition, more than 39 percent of sites that were infected, but removed the malware, were re-infected during the same quarter, Ranadive said. Attackers use automated processes to target vulnerabilities on websites. So if the website vulnerability is not mitigated, re-infection could occur. Attackers also sometimes use stolen FTP credentials to infect sites, he said.

The threat posed by infected websites has received considerable attention from security firms over the past year. In July, researchers from security firm Sophos said that infected websites were the single biggest threat during the first half of the year. And in August, Symantec experts discovered that the most dangerous sites on the web are propagating an average of 18,000 different pieces of malware.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.