Most Malware Hosted On Trusted SitesMay 12, 2009 – 8:10 PM
Symantec’s MessageLabs says the assumption most web-based malware originates from recently created, temporary, trashy adult sites is becoming an old-fashioned notion. Modern hackers are focusing on well-established, trusted websites they can compromise-sites users trust every day of the week.
According to data collected last week, 84.6 percent of website domains blocked by security programs for hosting malicious content were over a year old. Only 15.4 percent were less than a year old, 10.2 percent less than a month, and 3.1 percent less than a week.
“It is highly likely that older sites are legitimate sites, while those that are only a week old or less are likely to be temporary sites set up with the sole purpose of distributing malware,” said MessageLabs senior analyst Paul Wood. “People need to be extra vigilant and understand that even sites they know and trust can be compromised through attacks such as SQL injection attacks.”
Or cross-site scripting (XSS) for that matter. The most recent and frightening examples come from Google and even security company McAfee.