We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,258 News Articles

Sharp rise in legitimate sites serving malware

Most malware comes from legit domains

Internet users have been warned that the majority of websites serving up malware are legitimate domains that have been hacked by criminals.

According to data compiled by Websense, 51 percent of the sites it classified as malicious in the second half of 2007 had been compromised and then seeded with attack code that infected unpatched machines visiting the URLs. The remaining 49 percent were "intentionally built for malicious intent", the Websense report said.

This marks the first time that legitimate sites outnumber the malicious ones hackers purposefully set up to spread malware.

Hacking legitimate sites to make them sling malware gives attackers instant advantages, added Dan Hubbard, Websense's vice president of security research. "It's a great vector because they don't need to drive users to the sites in many cases; they also get free hosting, of course, and [it's] hard to trace ownership," Hubbard said. "Additionally, if someone is allowing access based on reputation, then they may go undetected."

The win-win for hackers - who get a crack at the built-in audience that's composed of a hacked site's usual visitors - is a lose-lose for everyone else, a fact that's been proved by several prominent events where hacked sites spewed out malicious code.

A year ago, for example, the websites of Dolphin Stadium and the Miami Dolphins NFL team, host to Super Bowl XLI, were hacked so that they served visitors with malicious JavaScript that, in turn, tried to load a Trojan on to unpatched PCs.

Then in August 2007, the Bank of India, one of that country's largest banks, was also found hosting attack code after being hacked. Later, criminals associated with the notorious Russian Business Network, a St Petersburg-based malware and hacking hosting network, were implicated in the Bank of India compromise.

The trend is accelerating, said Hubbard, who noted that the last report estimated that the share of malicious sites that were actually hacked legitimate domains was in the mid-30 percent range. In fact, a pair of recent mass hacks - one that compromised upward of 90,000 sites and another at least 10,000 - demonstrated the extent of the problem.

Hubbard echoed that with an estimate of the number of sites serving up attack code. "Counting sites can be a tricky game [because] there are sometimes entire domains we classify that have thousands of pages," he said. "However, it's safe to say that at any given time, we have more than 2.5 million in the malicious categories."

Sites are hacked in a variety of ways, said Hubbard, who noted that there is no one method that stands out. "[Compromises are] all over the place, unfortunately, [including] miss-configurations, no patches and so on."

A significant number of the sites, however, are compromised by the multi-exploit tool kits made infamous by Mpack and Neosploit. Websense estimates that 19 percent, or about one in five, of malicious sites were created or compromised using such tool kits.

"Exploit tool kits are being utilised more than ever," Hubbard said. "This can be a sign of increased sharing or increased numbers of sites that the same groups are attacking and infecting successfully."

For more security news, reviews and tutorials, see Security Advisor


IDG UK Sites

Nexus 6 vs Sony Xperia Z3 comparison: Lollipop phablet takes on KitKat flagship smartphone

IDG UK Sites

Why people aren't upgrading to iOS 8: new features are for power users, not the average Joe

IDG UK Sites

Free rocket & space sounds: NASA launches archive of interstellar audio on SoundCloud

IDG UK Sites

iPad Air 2 review: Insanely fast and alarmingly thin. Speed tests, camera tests, beautiful...