Fasten your common sense seatbelt and bolt on your FUD helmet. According to a report just released by Websense, a web, data and email security firm based in San Diego, CA, 70 of the top 100 websites either hosted malware or linked to sites hosting malware in the second half of 2008. To set some context, these numbers represent a 16% increase over the previous six-month period.
The top 100 sites — many of which are social networking, Web 2.0 and search sites — represent the majority of all webpages viewed on the Internet and were identified via the Alexa web service.
The report from Websense Security Labs, entitled State of Internet Security, Q3-Q4, 2008 (PDF), is updated every six months and, unfortunately though predictably, seems to contain more and more depression-inspiring facts with each release.
It's useful to note that fear, uncertainty and doubt, while plausibly rational reactions, are quite good for the company. Websense is in the business of selling security information, which the company states is used to protect over 42 million employees in more than 50,000 organizations worldwide.
User Generated Content is the Most Abused
For web content and web content management system people, the report should cause you to sit up and reflect a moment. We don't talk a lot about security in our little sector, but from time to time, we should. This is especially true as more of us evolve towards user generated content and Web 2.0 web content management operations.
According to Websense CTO Dan Hubbard, their research team is "seeing an increase in cybercriminals taking advantage of the growing number of Web 2.0 properties that allow user generated content. More than ever we're seeing attackers inject Web sites with links and iFrames to direct users to malicious and compromised sites with the ultimate purpose of stealing data."
For those without the time to digest the full report, here's the quick 'n dirty laundry list:
- 70 of the top 100 most popular sites were found to be hosting malware or linking to other sites that hosted malware.
- The numbers are up 16% from the first half of 2008.
- More than 77% of the sites Websense classified as malicious were actually sites with seemingly "good" reputations that had been compromised by attackers.
- The number of malicious websites identified by Websense increased by 46% from Jan 1, 2008 through Jan 1, 2009.
- 39% of malicious Web attacks included data-stealing code. Websense asserts that this demonstrates that attackers are after essential information and data.
- 84.5% of email messages were spam. This represents a 3 percent decrease over the last six months.
- There was a DECREASE in phishing attempts, where only 6% of spam was classified as such — a 33% decrease from the first half of 2008.
- Porn spam increased an impressive 94%, apparently in compensation for droopy 2008 sales figures. It's a marketing gamble in which we reckon results are not guaranteed.