Follow Us

We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message

Most malware now from legitimate sites

Could yours be on the list?

Article comments

Most websites serving up malware are legitimate according to a senior security researcher. Dan Hubbard, Websense's vice president of security research, said that for the first time, legitimate sites seized by hackers outnumber malicious ones.

According to data compiled by Websense, 51 percent of the sites it classified as malicious in the second half of 2007 had been compromised and then seeded with attack code that infected unpatched machines visiting the URLs. The remaining 49 percent were "intentionally built for malicious intent," the Websense report said.

Hacking legitimate sites to make them sling malware gives attackers instant advantages, said Hubbard. "It's a great vector because they don't need to drive users to the sites in many cases; they also get free hosting, of course, and [it's] hard to trace ownership," Hubbard said. "Additionally, if someone is allowing access based on reputation, then they may go undetected."

The win-win for hackers - who get a crack at the built-in audience that's composed of a hacked site's usual visitors - is a lose-lose for everyone else, a fact that's been proved by several prominent events where hacked sites spewed out malicious code.

A year ago, for example, the websites of Dolphin Stadium and the Miami Dolphins NFL team, host to Super Bowl XLI, were hacked so that they served visitors with malicious JavaScript that, in turn, tried to load a Trojan onto unpatched PCs.

Then in August 2007, the Bank of India, one of that country's largest banks, was also found hosting attack code after being hacked. Later, criminals associated with the notorious Russian Business Network, a St. Petersburg-based malware and hacking hosting network, were implicated in the Bank of India compromise.

The trend is accelerating, said Hubbard, who noted that the last report estimated that the share of malicious sites that were actually hacked legitimate domains was in the mid-30 percent range. In fact, a pair of recent mass hacks - one that compromised upward of 90,000 sites and another at least 10,000 - demonstrated the extent of the problem.

Hubbard echoed that with an estimate of the number of sites serving up attack code. "Counting sites can be a tricky game [because] there are sometimes entire domains we classify that have thousands of pages," he said. "However, it's safe to say that at any given time, we have more than 2.5 million in the malicious categories."

Sites are hacked in a variety of ways, said Hubbard, who noted that there is no one method that stands out. "[Compromises are] all over the place, unfortunately, [including] miss-configurations, no patches and so on."

A significant number of the sites, however, are compromised by the multi-exploit tool kits made infamous by Mpack and Neosploit. Websense estimates that 19 percent, or about one in five, of malicious sites were created or compromised using such tool kits.

"Exploit tool kits are being utilised more than ever," Hubbard said. "This can be a sign of increased sharing or increased numbers of sites that the same groups are attacking and infecting successfully."


More from Techworld

More relevant IT news


g said: This is a misrepresentation of the Hacker persona The computing industry known hackers laid much of the foundation for network computing Many exploit kits r created by companies or individuals are spreading because they are used by them to discover the security holes within their infrastructure Malware undefined is similar 2 large software sold by companies which does the same thing often 2 an extent if known would b considered malice by consumers Backdoors when reported by hackers media companies amp authors of software immediately claim malice by the hacker community when it has been the case since software has been in existence backdoors have always been purposely built in It is long standing viruses have been widely spread by legitimate companies The finger pointed shouldnt b directed 2 hackers but rather criminals or software amp service companies themselves for its those 2 groups who utilize the info most leaked amp extracted from malware not hackers

Send to a friend

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

Techworld White Papers

Choose – and Choose Wisely – the Right MSP for Your SMB

End users need a technology partner that provides transparency, enables productivity, delivers...

Download Whitepaper

10 Effective Habits of Indispensable IT Departments

It’s no secret that responsibilities are growing while budgets continue to shrink. Download this...

Download Whitepaper

Gartner Magic Quadrant for Enterprise Information Archiving

Enterprise information archiving is contributing to organisational needs for e-discovery and...

Download Whitepaper

Advancing the state of virtualised backups

Dell Software’s vRanger is a veteran of the virtualisation specific backup market. It was the...

Download Whitepaper

Techworld UK - Technology - Business

Innovation, productivity, agility and profit

Watch this on demand webinar which explores IT innovation, managed print services and business agility.

Techworld Mobile Site

Access Techworld's content on the move

Get the latest news, product reviews and downloads on your mobile device with Techworld's mobile site.

Find out more...

From Wow to How : Making mobile and cloud work for you

On demand Biztech Briefing - Learn how to effectively deliver mobile work styles and cloud services together.

Watch now...

Site Map

* *