Free Newsletter
Register for our Free Newsletters
Access Control
Deutsche Zone (German Zone)
Education, Training and Professional Services
Government Programmes
Guarding, Equipment and Enforcement
Industrial Computing Security
IT Security
Physical Security
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec

Massive increase in compromised web sites

ScanSafe : 05 June, 2008  (Technical Article)
ScanSafe reports a significant surge in hackers attacking legitimate web sites in an attempt to exploit user trust and gain confidential information
In a Security Brief, ScanSafe has reported that 68 per cent of all Web-based malware it blocked on behalf of its corporate customers in May was found on legitimate sites, up more than 407 per cent compared to May 2007.

The increase is the result of an unprecedented series of attacks that have outfitted hundreds of thousands of legitimate sites with malicious scripts and iframes designed to silently deliver password stealers and backdoors to visitors' computers.

"The compromise techniques being used now allow hackers to quickly 'colonize' thousands of legitimate sites, from big brand name sites like Wal-Mart, to smaller but equally legitimate sites," says Mary Landesman, senior security researcher at ScanSafe.

The Security brief is based on a comparison of the Web-threat landscape in May 2007—six months before these large scale attacks—with data from May 2008. It is based on the more than 10 billion Web requests ScanSafe scans each month for its corporate customers in more than 60 countries.

Specifically, the company reported a 220 per cent increase in the amount of Web-based malware—viruses, Trojans, password stealers and other malicious code. The fastest growing category of threats is backdoor and password-stealing malware, which increased 855 per cent from May 2007 to May 2008, putting sensitive corporate data at serious risk of theft.

The Web was riddled with compromised sites in May 2008, largely as a result of ongoing SQL injection attacks that began in late October 2007 affecting hundreds of thousands of websites. In parallel, another highly prolific series of attacks have been rendered through the use of stolen FTP credentials. Among legitimate sites compromised in May 2008 were,,,, and

"Over the last year malware authors have moved away from direct attacks—attacks in which they directly interact with victims, via social engineering for example—to indirect attacks accomplished through compromised websites. These indirect attacks not only leverage stealthier techniques, like the insertion of an invisible iframe, but they leverage legitimate, name brand sites that Web surfers implicitly trust. The net result is that you absolutely cannot assume that because you are on a brand name or well known site that it is a safe site. We've been saying this for some time but it bears repeating in light of this astronomical increase. Currently, thousands of legitimate sites are being compromised daily," says Landesman.
Bookmark and Share
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
   © 2012
Netgains Logo