Web-based malware on the rise

Research from Dasient highlighted the sobering fact that more than 640,000 websites and 5.8 million pages are infected with malware in Q3 of 2009 alone. Some common vectors for malware infection appear to be by the use of JavaScript and iFrame injected into legitimate sites. Interestingly, the study found that compromised websites had a surprisingly high re-infection rate of 39.6 percent. 

I suppose this shouldn't come as a total surprise, given that many organizations are prone to fixing the immediate problems while missing out on the actual attack vector. This could range from compromised account credentials, vulnerabilities in web applications or even via advertisements from nefarious sources.

According to a Dasient spokesperson, the rise in websites hosting malware is at least partly related to increasing complexity of websites. The spokesperson noted that "... modern websites themselves are becoming more complex and dynamic, and are increasingly sourcing in content from other places."

I tend to agree with the comment related to the complexity of websites today. If you recall, the New York Times website was infected with malware that redirected people to a site that sold rogueware. Despite being alerted to the problem, site administrators took some time to identify and eliminate the source of the infection, highlighting the inherent complexity of a modern website.

For more on this story:
- check out this article at CNET News

Related Articles:
Rogueware, the new malice in malware
Some tips from Google to stop malicious online ads
The 10 most terrifying IT debacles of 2009
Symantec identifies top rogue security software
The malware problem is larger than you think