Sex sites out, IT sites in for cybercrooks planting malware

Cybercriminals have long loaded compromised websites with malware-laden links to snare victims, but where sex sites were once the favored type of website, the favored type is now information technology, according to analysis in the Websense threat report out today.

According to analysis based on its ThreatSeeker technology and other means, 85% of malicious Web links last year were found on legitimate hosts that had been compromised, up from 82% the year before. Cybercriminals are finding the value in infiltrating computers of enterprises by subverting anything remotely related to information technology, from vendor websites to content like blogs and news, says Chris Astacio, research manager at Websense.


In addition, businesses today that do Web filtering are usually blocking access to porn and gambling sites, whereas they're reluctant to limit access to any site related to IT because it might cut into productivity. After the category of "information technology," the most targeted websites for malware links were for "business and economy."

The top countries hosting malware are the United States, the Russian Federation and Germany, the report points out, and the top three "victim" countries are the U.S., France and the United Kingdom. Spam remains the attacker's route to victims, with only 1 in 5 emails considered safe or legitimate, according to the Websense report. The U.S. also must be counted as the top country for hosting phishing emails last year, followed by the Bahamas and Canada.

Once a victim's machine has been compromised, there's the likelihood that sensitive information would be transferred out of the enterprise network by the attacker through a system of so-called command and control (CnC) servers. In examining where these have been seen, Websense used a customized sandboxing method to detect attempted attacks against its customers. According to Websense, the top countries hosting CnC servers are China, the U.S. and Russia, which together are said to account for about half of all detected activity of this kind.

Ellen Messmer is senior editor at Network World, an IDG publication and website, where she covers news and technology trends related to information security. Twitter: @MessmerE.
