(WEB HOST INDUSTRY REVIEW) — Hackers are becoming increasingly sophisticated and bold in their attacks, which means that legitimate websites are more threatened than ever, according to new research from Web anti-malware service provider Dasient (www.dasient.com).
Each quarter, Dasient pulls together web-based malware attacks data from across the web, and using its proprietary malware analysis platform, sorting through millions of websites to summarize general trends in a quarterly blog. In the first quarter of 2010, Dasient reports that the number of infected websites has grown significantly from 560,000 in Q4 2009 to more than 720,000 in Q1 2010. These sites include not only small and medium-sized sites, but also larger, high-profile websites, including Fortune 500 companies.
One of the key factors in infections has been the proliferation of ways in which sites can get infected. For instance, a site that uses an externally hosted javascript widget could become compromised with web-based malware, or content providers using third-party ad networks could have those hijacked with “malvertisements” introducing their users to dangerous content. Viruses and other malware were found in ads on top sites such as The New York Times, Drudge Report.com, TechCrunch and WhitePages.com, as well as on ad delivery platforms including Yahoo, Fox and Google.
The Blog entry, posted by Dasient’s Ariana Beil, makes special note that sites large and small rely on third-parties for packaged software powering website applications such as content management systems, blogging software, and web server software. “It is often difficult for websites to constantly keep the software running their site up-to-date and patched to the latest version,” she wrote. “Keeping server side web applications up-to-date is just as or even more challenging than keeping client side software up-to-date and patched. Even patched applications have vulnerabilities, which emphasizes the need for malware monitoring to mitigate risk due to both known and unknown vulnerabilities in web applications.”
In its study of malware, Dasient was able to identify risk factors for infected sites, finding that 97 percent of Fortune 500 websites are at a high risk of getting infected with malware due to external partners such as javascript widget providers, ad networks, and/or packaged software providers. In fact, Fortune 500 websites have such a high risk because 69 percent use external Javascript to render portions of their sites and 64 percent are running outdated apps.
Furthermore, larger sites are more desirable targets because of their high volume of traffic, making it more convenient for attackers because hijacking an existing site is often easier than driving web traffic to a site set up from scratch.
“Based on our research, it is evident that the malware epidemic is growing rapidly,” Beil concludes. “With cybercrime techniques getting more sophisticated every day, it is critical to educate businesses on how they can put safe security practices in place for their websites to protect their customers and their revenues. In order to make sure that their businesses are not exposed, websites can mitigate their risk by monitoring their websites for malware regularly.”
No related posts.
