Computerworld
Quick Menu
Search



Ads by TechWords

See your link here


Subscribe to our e-mail newsletters
For more info on a specific newsletter, click the title. Details will be displayed in a new window.
Finance
Security
Computerworld Daily News (First Look and Wrap-Up)
Computerworld Blogs Newsletter
The Weekly Top 10
More E-Mail Newsletters 

Computerworld 2007Subscribe to Computerworld
40 years of the most authoritative source of news and information for IT leaders.

Most malware comes from legit sites, says researcher

51% of sites spreading malicious code have been hacked

By Gregg Keizer
Comments
6
Recommended
103

Active Comments

Matt says: Another pointless statement of the bleedin' obvious......
Read the rest | Reply
Anonymous says: as when google started de-listing / warning on sites where they detected malware, many site owners were in denial, called...
Read the rest | Reply
All Comments (6) | Post New


Zone

Featured Zone
The Security Zone

With the mobility of employees and the ease with which external devices can be brought in and out of a network, continuing to build your security plan for network servers and clients is a must. Fortunately, there is much that organizations can do to protect themselves from attacks - internal and external. Having the right policies, procedures and server configurations is critical...

Learn more in The Security Zone
See All Zones

January 23, 2008 (Computerworld) The majority of Web sites serving up attack code are legitimate domains that have been hacked by criminals, a security researcher said in a report released today. It's the first time that legitimate sites outnumber the malicious ones hackers purposefully set up to spread malware.

According to data compiled by Websense Inc., 51% of the sites it classified as malicious in the second half of 2007 had been compromised and then seeded with attack code that infected unpatched machines visiting the URLs. The remaining 49% were "intentionally built for malicious intent," the Websense report said.

Hacking legitimate sites to make them sling malware gives attackers instant advantages, added Dan Hubbard, Websense's vice president of security research. "It's a great vector because they don't need to drive users to the sites in many cases; they also get free hosting, of course, and [it's] hard to trace ownership," Hubbard said. "Additionally, if someone is allowing access based on reputation, then they may go undetected."

The win-win for hackers -- who get a crack at the built-in audience that's composed of a hacked site's usual visitors -- is a lose-lose for everyone else, a fact that's been proved by several prominent events where hacked sites spewed out malicious code.

A year ago, for example, the Web sites of Dolphin Stadium and the Miami Dolphins NFL team, host to Super Bowl XLI, were hacked so that they served visitors with malicious JavaScript that, in turn, tried to load a Trojan onto unpatched PCs.

Then in August 2007, the Bank of India, one of that country's largest banks, was also found hosting attack code after being hacked. Later, criminals associated with the notorious Russian Business Network, a St. Petersburg-based malware and hacking hosting network, were implicated in the Bank of India compromise.

The trend is accelerating, said Hubbard, who noted that the last report estimated that the share of malicious sites that were actually hacked legitimate domains was in the mid-30% range. In fact, a pair of recent mass hacks -- one that compromised upward of 90,000 sites and another at least 10,000 -- demonstrated the extent of the problem.

Hubbard echoed that with an estimate of the number of sites serving up attack code. "Counting sites can be a tricky game [because] there are sometimes entire domains we classify that have thousands of pages," he said. "However, it's safe to say that at any given time, we have more than 2.5 million in the malicious categories."

Sites are hacked in a variety of ways, said Hubbard, who noted that there is no one method that stands out. "[Compromises are] all over the place, unfortunately, [including] miss-configurations, no patches and so on."

A significant number of the sites, however, are compromised by the multi-exploit tool kits made infamous by Mpack and Neosploit. Websense estimates that 19%, or about one in five, of malicious sites were created or compromised using such tool kits.

"Exploit tool kits are being utilized more than ever," Hubbard said. "This can be a sign of increased sharing or increased numbers of sites that the same groups are attacking and infecting successfully."



Make a Comment Recommend Story Slashdot this Digg this
Print Story Send Feedback Email this Reprints

Related Content

Webcast: Bringing Order and Security to your Mobile Workforce: Corporate Mobility Policy and Device Management
Whitepaper: 2008 Internet Malware Trends Report

CW Report: Six Questions To Ask About Information And Competition
Hackers leverage Obama win for massive malware campaign
Websense warns of new cyberattack that holds files hostage
Hackers jack thousands of sites, including U.N. domains
Most Malware Is Launched From Legit Web Sites
Spammers cloak scams by redirecting through Google services

Today's Top Stories

Microsoft moves to quash 'Vista Capable' case, end flood of embarrassing e-mails
Bush's exit to put new e-records system to the test
BlackBerry Storm buyers brave the cold in Boston to be first with the new smart phone
Apple patches 12 iPhone bugs, adds Street View, podcast downloads
Microsoft purges phony security software from 1 million PCs
Obama's choice for DHS could flame tech visa battle

What People Are Saying

See comments | Add new
See comments | Add new

Resource Alerts

to receive Security Resource Alerts

Webcasts

The Secure Web Gateway. Mission Critical For Business

Dynamic Data Center and Virtualization Drives Operational Excellence at Emory Healthcare

Bringing Order and Security to your Mobile Workforce: Corporate Mobility Policy and Device Management

Whitepapers

Go Green with Webroot® Perimeter Security SaaS!

Security Trends Overview: Targeted Phishing Attack

2008 Internet Malware Trends Report

Computerworld Reports

Computerworld Report- Large Enterprises Pay More for IPAM

An Apple for Your Enterprise?

Six Questions To Ask About Information And Competition

Editor's Picks

Microsoft moves to quash 'Vista Capable' case, end flood of embarrassing e-mails

Bush's exit to put new e-records system to the test

BlackBerry Storm buyers brave the cold in Boston to be first with the new smart phone

Apple patches 12 iPhone bugs, adds Street View, podcast downloads

Microsoft purges phony security software from 1 million PCs

Obama's choice for DHS could flame tech visa battle

Shark Bait
View Shark BaitFired up about IT? Join Sharkbait and share your true tales of IT. SharkBait is the place for you to sound off about everything IT – the good, the bad, and the rest of the weird stuff you deal with every day.

New baits
Shark Bait
Webcast

Turning information into a Competitive Advantage "Turning information into a Competitive Advantage"

Companies today are realizing that competitive advantage is harder to sustain when based solely on gains in productivity and cost efficiency. The focus is shifting to invest more in business optimization initiatives which rely on trusted information to develop new insights that deliver better business results. But how can this be done efficiently in a business environment across multiple applications and processes. The answer is an Information Agenda - an innovative approach to transforming business information into a strategic asset for competitive advantage.

View this webcast now! more

See more Webcasts more
TODAY'S TOP BLOG
Steven J. Vaughan-Nichols Steven J. Vaughan-Nichols: 64-Bit Linux Adobe Flash Player: Surprisingly good When Adobe decided it was time to provide a 64-bit Flash Player, they released it on Linux and Solaris. Wow. [more]
White Papers
Read up on the latest ideas and technologies from companies that sell hardware, software and services.
Infoblox IP Address Management Solutions Brief
2008 Internet Malware Trends Report
Enterprise Findability Without the Complexity
View more whitepapers 
 


Webcast: The Automation of IT Compliance Programs: Reducing Risk, Cost and Complexity of Corporate Compliance
To meet the growing number of industry and federal regulations, businesses spend significant time, effort, and budget determining how to best meet continuously evolving IT compliance requirements this new Forrester Research and Juniper Networks Webcast led by industry experts who examine global IT security and compliance trends, common IT compliance issues and challenges, and best practices for successful IT compliance programs.

View this webcast 
Whitepaper: Tackling the Top Five Network Access Control Challenges
The major challenge enterprises face today is how to create innovative business models and to increase productivity by opening the network to a dynamic workforce, while at the same time protecting critical assets from the vulnerabilities that openness and user mobility bring. In addition, to comply with industry and governmental regulations, enterprises must prove that they have stringent controls in place to restrict access to sensitive data. This paper describes the top five networking access control challenges that companies like yours are facing and solutions that they are deploying today.

Download this white paper 
Whitepaper: Addressing PCI Compliance with a Comprehensive Network Access Control Solution
The Payment Card Industry (PCI) is one of the most comprehensive data security standards in a cluster of regulations that have emerged over the past decade. Meeting its requirements is both complicated and expensive for many companies. Learn how a comprehensive access control solution allows retailers and consumer organizations adhere to the core tenets of PCI, and delivering the necessary information and reports needed for compliance audits.
Download this white paper 
Whitepaper: Control System Cyber Vulnerabilities and Mitigation of Risk for Utilities
Today's global industrial infrastructure includes thousands of electric utilities, water/wastewater management companies, oil and gas suppliers, chemical manufacturers and other facilities critical to daily functioning. Learn why relying on off-the-shelf operating systems and Internet-based remote access control to carry out production tasks, traditional control networks can leave today's global industrial infrastructures vulnerable to hackers, extortionists, worms, viruses and application-level attacks. Deploying network-based security can protect these at-risk systems–without requiring infrastructure replacement.
Download this white paper 
About Us Advertise Contacts Editorial Calendar Help Desk Jobs at IDG Privacy Policy Reprints Site Map
CIO Computerworld CSO DEMO GamePro Games.net IDG Connect IDG World Expo Infoworld
The Industry Standard ITworld JavaWorld LinuxWorld MacUser Macworld Network World PC World Playlist
Copyright © 2008 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.