The number of malicious Web sites has skyrocketed over the past few months, going from 5,000 new ones a day in April to nearly 30,000 a day now.
"This certainly is a huge increase," said Carole Theriault, a senior security consultant with Sophos, in an e-mail to InformationWeek. "In June, we saw it climb to 9,500 a day and then this huge jump up 29,000."
Theriault said there is a two-pronged reason for the remarkable increase.
One reason is that hackers are increasingly turning away from e-mail as their preferred method of spreading malware and putting their focus on the malicious Web site. In some cases, they're creating their own malicious Web sites, but in most cases they're hacking into legitimate sites and embedding malware into them.
According to Sophos, researchers are finding 29,700 new infected Web pages every day, and 80% of them are legitimate sites that have been compromised.
The IFrame malware was a major Web site infector in June.
IFrame, which injects malicious HTML files onto Web pages, actually topped Sophos' chart for June's Top 10 Web Threats, accounting for nearly two-thirds of the world's infected Web pages. Earlier this month, hackers used the IFrame to attack multiple Italian Web sites. Sophos reported that more than 10,000 Web pages were infected in the attack, most of which were on compromised legitimate sites hosted in Italy. Victim Web sites included Italian city councils, employment services, and tourism sites. Most of the affected pages appear to be hosted by one of the largest ISPs in Italy, Sophos noted.
"The Italian IFrame attack should certainly act as a wake-up call to ISPs across the globe," said Theriault, senior security consultant at Sophos. "Malicious code dumped on these Web sites is just waiting to pounce on innocent surfers. Web sites should be as secure as Fort Knox, but at the moment, too many web pages are easy pickings for cybercriminals."
However, Theriault also noted that another reason the number of newly found malicious sites has jumped so dramatically is that researchers simply are getting better at finding them. With so many Web sites out there to scan, finding the malicious ones can be a daunting job. But the more researchers do it, they better they get at it.
InformationWeek