More than two-thirds of web-based malware is now found on the websites of legitimate companies, according to security supplier Scansafe. That's an increase of 470% compared with May 2007 rates, say the company's researchers.

A large proportion of these attacks originate in China, where hackers are ‘planting' malicious code on legitimate websites in the West. This code redirects visitors to malicious servers, which infect their computers, enabling the hackers to steal passwords and other data.

"You absolutely cannot assume that because you are visiting a well-known site that it is safe. Currently, thousands of legitimate web sites are being compromised daily," said Mary Landesman, a senior security consultant at Scansafe.

In the latest round of SQL-injection attacks this week, the website of US retail giant Wal-Mart was compromised when hackers exploited a weakness in Adobe's Flash Player software. Hackers have also targeted several UK sites recently, including those of the Royal Statistical Society, the National Media Museum, social care development agency Skills for Care, as well as a number of businesses.

Comments

There are currently 5 comments about this blog.

Mandy Shaw, 4 months ago

Very good question, Sean. I would guess that most people nowadays take some sort of action to prevent virus and spyware attacks on their PCs. But if they forget to renew their protection, or if automatic updates don't work for some reason, or if this is a brand new threat, then they could obviously still be in trouble. All users need to be educated - at least to take care, to run the occasional scan, and not to ignore signs of trouble like performance problems, the home page changing unexpectedly, etc. In my experience, though, most problems of this sort with home PCs are not caused by legitimate websites, they are caused by dodgy or borderline ones. Minor finger trouble when typing a URL can cause all sorts of problems, for example.

Sean, 4 months ago

What can users can do to protect themselves from this practice? What I mean is, does this affect users that have up-to-date security/virus etc protection? Or are there still many users who still do not bother protecting their computer? Thanks.

Archie Dean, 5 months ago

I think brands will only really sit up and take notice when there's a major customer backlash resulting from a hacking incident. Until then, expect brands to be continually in firefighting mode.

Louis France, 5 months ago

I read a statistic the other day from security company McAfee that 19.2% of all Web sites ending in the ‘.hk’ domain pose a security threat to Web users. That seems an extraordinarily high number of ‘risky’ sites for a well-known country domain. Unsurprisingly ‘.gov’ was considered the safest generic domain.

Victoria, 5 months ago

Did the report indicate what form the malware took and whether the attacks were varied or followed a similar pattern?

Leave a Reply

Name

Email Address

Your Website URL (please include http://)

Your Comment

type the text from the image