Instead of putting up their own Websites, malicious hackers are now focusing their efforts on corrupting legitimate sites. A survey released today, and conducted between January and June by Websense, found that hackers compromised 50 percent more legitimate Websites during this period than between July and December 2007.
According to the study by messaging and data protection vendor Websense, more than 75 percent of Websites containing malicious code are legitimate sites that have been infected. The survey found that 60 of the 100 most popular Websites either hosted, or were involved in, malicious activity between January and June 2008.
These sites are overwhelmingly social networking or search sites, such as search engines. They let users upload third-party applications, and many malware writers take advantage of this.
According to the Websense survey, hackers are mainly targeting the top 100 Websites, especially the Web 2.0 elements of these sites. "Web 2.0 sites are completely dynamic sites that change on a day to day basis, allowing user-uploadable content and tool uploads from third party sites," Stephan Chenette, manager of Websense Security Labs, told InternetNews.com.
"That's cool but it opens them up to attacks." More than 45 percent of the top 100 sites support user generated content.
That's going to be a problem for enterprises that want to set up social networks within their firewalls. "I can put up the latest interesting movie in Adobe Flash on my social page with malware embedded in it and, if you access the movie but don't have the latest software patches, I'll be able to exploit you," Chenette said.
While the use of Web 2.0 technologies in corporations typically happens behind the firewall and involves the posting of, and collaboration on, company data, enterprises should keep a close eye on matters, Charles King, principal at analyst firm Pund-It, told InternetNews.com. "There probably should be regulations about the type of personal data that individuals could or should upload to sites like that," he added.
The trend towards working from home and having a mobile workforce could cause security problems, King said. "Presumably employees who work from home or at remote locations are transferring data behind the firewall from external sources," he explained.
"Exactly how much scanning of data goes on, and what type of security policies are created to deal with that data, are issues companies need to keep an eye on," King said. "The exchange of information is much freer and easier on social networking sites, but it doesn't take a large hole to let a lot of bad code into any environment."
Sixty percent of compromised sites either hosted malicious content or contained a masked redirect to lure people to malicious sites, the Website survey report said. Often, the redirects appeared as the actual Website when the content being served on that page was being hosted elsewhere.
Other new technologies are also laying businesses open to danger. Service-oriented architecture (SOA) (define) is one such technology. It lets companies use gadgets, widgets and mash-ups on their sites to create new applications, and to use Web applications to conduct their business.