A new study from ScanSafe, that compared more than 10 billion web requests from May 2007 to May 2008, indicates that legitimate websites pose the greatest risk for malicious code. The study looked only to corporate customers, so the data represents risks present in the office.

The study found that 68% of all web-based malware blocked during May 2008 was found on legitimate sites, up 407% from May 2007. There has been a huge series of attacks that infect legitimate sites with malicious scripts to deliver password stealers and backdoors to visiting computers.

“The compromise techniques being used now allow hackers to quickly ‘colonize’ thousands of legitimate sites, from big brand name sites like Wal-Mart, to smaller but equally legitimate sites,” says Mary Landesman, senior security researcher at ScanSafe.

Malware overall is up 220% during this 12-month period. The greatest growth was in backdoor and password-stealing malware. These indirect attacks are more stealthy and leverage legitimate brands to get at consumer trust. Sensitive data is at a high risk by these invisible backdoor attacks. Corporate users faced a three-fold increase in the volume of Web-based malware exposure during this time period.

There are a wide variety of tools available for attackers to compromise websites. The tools, easy and often free, make it easy for even an unskilled attacker to reap returns. ScanSafe has indicated that the security status in the present environment is very high.

Via security focus Tags: security, it security, malware, corporate security, security planning