Feeds

Mass web infections spike to 6 million pages

640k sites out to get you

Boost IT visibility and business value

An estimated 5.8 million pages belonging to 640,000 websites were infected with code designed to launch malware attacks on visitors, according to a report released Tuesday.

The numbers, compiled over the third quarter by security firm Dasient, represent a significant jump in number of legitimate websites that have been compromised. According to numbers Microsoft released on April, some 3 million pages were infected. The number of sites blocked by Google more than doubled between December and August, to almost 350,000.

"The bad guys are significantly taking advantage of attacking servers so they can distribute their malware to a very, very large number of clients," said Dasient co-founder Ameet Ranadive. "A lot of these infections are complex and often pretty obfuscated, so it's difficult for experienced webmasters to figure out what parts of their site have been infected and then to remediate it."

To understand just how hard it is for webmasters to clean up the mess, consider this: In the third quarter, 39.6 percent of compromised sites had been reinfected after trying earlier to clean up the malware. Criminals are often able to attack a site repeatedly because webmasters fail to change passwords or patch vulnerable web applications that led to the initial exploit.

Eleven days ago, ScanSafe, a separate security firm that announced Tuesday it is being acquired by Cisco, reported that more than 2,000 websites were compromised by a mass web infection known as Gumblar. Many of those sites were likely hit in earlier waves and simply reinfected, a ScanSafe researcher said at the time.

An estimated 54.8 percent of the attacks observed by Dasient involved malicious javascript that was injected into compromised sites. iFrames that silently redirected users to malicious sites came in second at 37.1. Dasient has cataloged more than 72,000 unique malware infections involving websites.

The attacks are growing in popularity because they allow criminals to reach large numbers of victims with a minimum amount of effort. For end users who fail to install the latest versions of Adobe Reader, Adobe Flash and other software on their machines, the attacks often result in a "browse and get compromised" scenario, in which their systems are surreptitiously infected simply by visiting the site.

"Hackers are starting to see some success from these attacks and whenever they see success, they continue to invest more," Ranadive said. ®

Gartner critical capabilities for enterprise endpoint backup

More from The Register

next story
Microsoft: We plan to CLEAN UP this here Windows Store town
Paid-for apps that provide free downloads? Really
Snowden on NSA's MonsterMind TERROR: It may trigger cyberwar
Plus: Syria's internet going down? That was a US cock-up
Who needs hackers? 'Password1' opens a third of all biz doors
GPU-powered pen test yields more bad news about defences and passwords
e-Borders fiasco: Brits stung for £224m after US IT giant sues UK govt
Defeat to Raytheon branded 'catastrophic result'
Hear ye, young cyber warriors of the realm: GCHQ wants you
Get involved, get a job and then never discuss work ever again
Chinese hackers spied on investigators of Flight MH370 - report
Classified data on flight's disappearance pinched
Microsoft cries UNINSTALL in the wake of Blue Screens of Death™
Cache crash causes contained choloric calamity
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
7 Elements of Radically Simple OS Migration
Avoid the typical headaches of OS migration during your next project by learning about 7 elements of radically simple OS migration.
BYOD's dark side: Data protection
An endpoint data protection solution that adds value to the user and the organization so it can protect itself from data loss as well as leverage corporate data.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?