The number of Web sites hosting malicious software, either intentionally or unwittingly, is rising rapidly, according to statistics released on Tuesday from Dasient.
More than 640,000 Web sites and about 5.8 million pages are infected with malware, according to Dasient, which was founded by former Googlers to offer services to help Web sites stay malware-free and off blacklists.
That figure for infected pages is nearly double what Microsoft estimated in a report in April.
Meanwhile, the Google blacklist of malware infected sites has more than doubled in the last year, registering as many as 40,000 new sites in one week.
Dasient identified more than 52,000 Web-based malware infections, bringing the total to more than 72,000 unique infections logged by the company since it launched its malware analysis platform early this year.
Infections on newly compromised sites that have 10 pages or more spread to nearly one quarter of the pages on the site, on average. Nearly 40 percent of the infected sites were later reinfected.
Most of the malware infections are accomplished by JavaScript and iFrames being injected into legitimate sites, accounting for nearly 55 percent and 37 percent respectively, said Dasient co-founder Neil Daswani.
The statistics illustrate the growing trend of attackers targeting browsers and Web applications with SQL injections, cross-site scripting and other attacks that can lead to drive-by downloads. Infections can come from anywhere on a site, including widgets and ads.
Dasient will be providing a top 10 list of Web-based malware attacks for each week and other trend information, as well as publishing information about new infections via a Twitter feed.
This article was first published as a blog post on CNET News.
Play video
Web-based malware infections rise rapidly, stats show
The Dasient data is quite interesting of course. I would very much like to get something of a "virtustotal" sense for how typical anti-virus/spyware products fare against the attacks served by these infested websites. My suspicious is that these attack payloads tend to be kit-based and therefore unlikely to be detected by signature-based (patterns) mechanisms.
www.blueridgenetworks.com...
Posted by Eirik Iverson on Friday, October 30 2009 04:27 AM