It's reality: legitimate websites are no longer safe

Today, over 90 percent of infected web pages carrying malicious malware are considered to be safe sites, Sophos has revealed in its 2008 threat report.

According to Sophos, on average, 16,173 malicious webpages were detected every day - or one every five seconds in the first six months of the year.

This is three times faster than the rate seen in 2007.

In the report, Sophos warned the first half of 2008 saw an explosion in threats spread via the web and it is now the preferred vector of attack for financially-motivated cybercriminals.

“Office workers must realise it's not just the business fat cats who need to worry about this. Visiting an infected website from your work PC, or sharing too much personal or corporate information on sites like Facebook, could lead to you being the criminal's route into your company,” said Graham Cluley, senior technology consultant at Sophos.

Sophos identified that the number one host for malware on the web is Blogger (Blogspot.com), which allows computer users to make their own websites easily at no charge.

Most recently in July, Sony’s US PlayStation website suffered an SQL injection assault which put visiting consumers at risk. In June, as the Wimbledon tennis tournament opened in the UK, the Association of Tennis Professionals (ATP) website was infected.

Furthermore, in January 2008, thousands of websites belonging to Fortune 500 companies, government agencies and schools were infected with malicious code.

SQL injection attacks exploit security vulnerabilities and insert malicious code into the database running a website.

Chia Wing Fei, security response team manager at F-Secure’s Malaysian headquarters, said for the users, the risk of getting infected is higher each day if they don't implement any countermeasures while browsing the Internet.

"They really just want to have a safe and easy Internet to play games, pay bills and socialize with friends. They should ensure that not just their operating system is patched, they need to do the same for their vulnerable applications as well," he added.

According to the report, the US hosts the highest number of infected webpages with just under two in every five infected sites based there. China topped the chart in 2007 and was responsible for hosting 53.9 percent of infected pages
on the web.