The latest research from Websense Security Labs paints a dreary but familiar picture of the state of online security threats. Echoing the bad news of other such recent reports, the research suggests that the vast majority of the Web consists of malware and spam. Worse yet, even legitimate, well-known sites are being used to pump malware, SEO poisoning, or phishing attacks.
Websense uses a global network of systems to scan and analyze over 40 billion websites every hour, tracking malware and other unwanted content. The results for the latter half of 2009 show a 225 percent increase in malicious websites. Worse, 71 percent of websites found to contain some malicious code were in fact legitimate websites that had been compromised in some way.
One way that hackers are infiltrating the Web is by "SEO poisoning," or using SEO techniques to pump up the ranking of malicious websites in search results to make them appear legitimate. On average, 14 percent of top search results for a given "hot" topic on Google led to a malicious website.
This method has proven fairly successful, since it can easily adapt to changing search trends and get around detection. Malicious websites looking to cash in on "Google Wave invites" can use botnets to artificially inflate search rankings. As soon as the sites are discovered and filtered from search results, botnets can be instructed to move on to the next hot topic, such as "MTV VMA awards" or "Brittany Murphy death."
Still, hackers and spammers are increasingly going after legitimate websites, which already appear in top search results and often are considered "safe" or "trusted" by security filters. The top 100 most-visited websites represent the vast majority of Web traffic, and consist mainly of social networking and search sites. Malware is injected via "user-generated content," such as news items, posted links, and comments.
Spotting a spam comment used to be quite easy, but separating the wheat from the chaff is becoming more and more difficult. Websense analysis revealed that 95 percent of all user-generated content is spam, malware, or both. (The notion that the Internet could be the great equalizer turned out to be true after all; unfortunately, it's mostly making suckers out of all of us.)
Attacks are also becoming more and more sophisticated and targeted. E-mail is still largely spam, about 85 percent, but 81 percent also contains links to malicious websites. In the second half of 2009, hackers used exploits in Internet Explorer, Outlook Web Access, and hacked Hotmail, Gmail, and Yahoo accounts to send ever-more personalized e-mails, which can fool the receiver into believing the e-mail came from a legitimate source. These e-mails then link either directly to malware or phishing sites, or indirectly through content on a legitimate site that leads to a malicious website.
Savvy users who maintain constant vigilance may not have too much trouble spotting attempts to hijack legitimate content. Ultimately, however, the increases in malicious websites or content that appear to be legitimate simply make it harder and harder for the average person to know who, or what, to trust online. And when just five percent of user-generated content isn't spam or malware, many may question the utility of bothering to discern a difference.
Source: ars technica