Home / News I have a News Tip

Study Finds 75% of Malicious Websites from Legitimate, Trusted Sources

New report released today finds 75 percent of malicious websites are from legitimate, trusted sources with "Good" reputation scores. According to the report, 60 percent of the top 100 most popular websites either hosted malicious content or contained a masked redirect to lure unsuspecting victims from legitimate sites to malicious sites.

The stats released today are by researchers from the Internet security company, Websense, which scans more than 40 million websites for malicious code and ten million emails for unwanted content and malicious code.

"Today attackers are overwhelmingly forgoing creating their own malicious sites and targeting legitimate websites that have a built in base of visitors," said Dan Hubbard, chief technology officer, Websense. "There is an element of trust in the Web 2.0 world that the websites we frequent every day are safe, but attackers are taking advantage of the 'good reputations' of websites to launch attacks. Most web security and URL filtering technology today heavily rely on a websites' reputation, but this method is outdated. In terms of security, the URL doesn't matter anymore — it's all about the dynamic content that is served up on the page. To safely use the Internet today, organizations need Web security protection that can analyze the content on the Web page in real-time."

Other key findings include:

• 29 percent of malicious web attacks included data-stealing code, demonstrating that attackers are after essential information and data.

• The convergence of blended Web and email threats continues to increase. Now more than 76.5 percent of all emails in circulation in the past six months contained links to spam sites and/or malicious websites. This represents an 18 percent increase since December 2007.

• More than 45 percent of the top 100 most popular websites support user-generated content.

The following video is provided by Websense where security labs manager discusses report highlights:

To download Websense report State of Internet Security (Q1-Q2, 2008) click here [PDF].

Follow CircleID on
Related topics: Cybersecurity, Web
SHARE THIS POST

If you are pressed for time ...

... this is for you. More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Vinton Cerf, Co-designer of the TCP/IP Protocols & the Architecture of the Internet

Share your comments

It's not that surprising. Most Michele Neylon  –  Jul 29, 2008 11:28 AM PDT

It's not that surprising. Most of the phishing attacks we see on our network would be via compromised websites. The number of actual pure phishing sites is minimal

To post comments, please login or create an account.

Related

Topics

Domain Names

Sponsored byVerisign

Cybersecurity

Sponsored byVerisign

Whois

Sponsored byWhoisXML API

Cybercrime

Sponsored byThreat Intelligence Platform

DNS Security

Sponsored byAfilias

IP Addressing

Sponsored byAvenue4 LLC

New TLDs

Sponsored byAfilias