A new study conducted by Websense has determined that most websites offering up attack code (malware) are legitimate domains that have been hacked. This is the first time legitimate sites have outnumbered malicious sites (sites intentionally built to seed malware) in malware attacks.

51% of malicious sites in the latter half of 2007 were compromised (hacked) and seeded with malware that would infect unpatched computers visiting those sites. There are many attractive reasons inviting this change in tactics. Legitimate sites have existing traffic, free hosting, are trusted by consumers, and offer a level of anonymity for the source of the malware (ownership cannot be traced).

Dan Hubbard, vice president of Websense, says:

“More and more, attackers are compromising legitimate Web sites to infect visitors with information-stealing code or to add users’ machines to botnets. Additionally, they are increasing the sophistication of their attack methods and building resilient infrastructures… Organizations need to ensure their Web, messaging and data security solutions can protect the avenues hackers seek to exploit for financial gain.”

The report indicates that this trend of infecting legitimate sites is accelerating. The previous report indicated legitimate sites hosting malware were in the mid-30% range. Sites are now being hacked en masse - with anywhere from 10,000 to 90,000 sites being compromised at once. Exploit tool kits (do-it-yourself malware creation kits) account for 19% of malicious sites created or compromised.

Continue reading the report at Websense.

Via computerworld Tags: malware, it security, security, hacking, scripts, malicious website, web attack, security