PC Help Guide

The threat to firms of their web sites being hacked has risen dramatically, according to new research from web security vendor ScanSafe. In a security report entitled A comparative look at the state of web security, May 2007-May 2008, released on Thursday, ScanSafe found 68 percent of all internet-based malware was now being hosted on legitimate sites.

“The compromise techniques being used now allow hackers to quickly ‘colonise’ thousands of legitimate sites, from big brand-name sites, to smaller but equally legitimate sites,” said Mary Landesman, senior security researcher at ScanSafe.

For example, ScanSafe reported earlier this week that some pages on the Wal-Mart website were compromised in the latest phase of an ongoing series of SQL injection attacks. The attack was used to plant exploits of recent Flash vulnerabilities onto Wal-Mart’s site.

“The criminals are leveraging the popularity of these web sites – when you compromise a site drawing hundreds of thousands of visitors a day it’s a much faster way to reach [a large audience],” said Mary Landesman.