By Nick Heath
Thursday, July 24 2008 10:45 AM
URL: http://www.zdnetasia.com/news/security/0,39044215,62044103,00.htm

A Web site infected with malware is detected every five seconds--a dramatic increase over the last 12 months is due to the rise in SQL injection attacks.

Web sites poisoned with malware capable of infecting visitors' machines are being discovered at a rate of 16,173 per day--three times faster than in 2007.

Antivirus firm Sophos found that more than 90 percent of the Web pages capable of spreading Trojan horses and spyware are legitimate Web sites. Recent infected Web sites include those of ITV, Sony PlayStation and a golf page on the BBC site--all these Web sites have now fixed their security hole.

Hackers place malware into the database running a Web site using SQL injection attacks, which can allow Trojans and keyloggers to be automatically installed on visitors machines.

According to the Sophos security threat report, Blogspot.com, the blog publishing system owned by Google, was found to be hosting 2 percent of the world's Web-based malware in June 2008--with hackers hosting malicious code on blog pages and posting links to malware-infected Web sites in comments.

Senior technology consultant at Sophos, Graham Cluley, said: "Many businesses are increasingly putting themselves at risk by not scanning Web activity and employees are going to these Web sites and getting infected."

He said the biggest threat comes from home workers because the wider range of Web sites visited in the home increased the risk of getting infected.

The security threat from e-mail attachments has fallen dramatically during the same period, dropping from one infected attachment in every 332 e-mail messages in the first six months of 2007 to one in every 2,500 during the first six months of 2008.

Nick Heath of Silicon.com reported from London.