Over half of the top 100 web sites have been found to host malicious content or contain a masked redirect to malicious sites.
The sites tend to be either social networking web sites such as Facebook, Flickr or YouTube, or one of the popular search engine sites, according to a report released by Websense Security Labs on the State of Internet Security, Q1 – Q2, 2009.
“With their large user base, good reputations and support of Web 2.0 applications, these sites provide authors of malicious code with abundant opportunity to easily reach a wide number of victims with their attacks.”
It said its research shows that attackers focus their attention on the interactive Web 2.0 elements of the evolving Webscape.
Businesses need to scan and classify the content of web sites in real time, the security vendor has recommended.
Two-thirds of IT managers permit access to top social networking sites that are primarily used for business, such as LinkedIn, though virtually none have the necessary security to protect from all Web 2.0 threat vectors across web, email and data security, Websense studies has found.
It revealed that some 88% of email messages were classified as spam over the last six months. Phishing attacks have fallen to just 2% of all emails, but data-stealing Trojans and DNS poisoning tactics are on the rise.
On data security, the report noted that according to research conducted by Websense Security Labs, 57% of data-stealing attacks are now conducted over the Web.
“With data-stealing web and email attacks on the rise, Websense is tracking where data is being sent around the globe. China had a 7% increase from the previous six month period.”
