The Web has become decidedly more dangerous in the past year, as a wave of SQL injection and other types of attacks has compromised hundreds of thousands of legitimate websites, according a new report released by ScanSafe researchers.
Comparing May 2007 to last month, the volume of threats facing Internet users increased 220%, researchers at the San Mateo, Calif.-based managed Web security company said. At the same time, the risk of exposure to exploits and compromised websites increased 407% while backdoor and password-stealing malware shot up 855%.
During the past six months, a flood of attacks have compromised websites and loaded them with malicious scripts and iframes that infect visitors' computers with backdoors and password stealers. While SQL injection attacks have been the most severe, other attacks have used stolen FTP credentials and cross-site scripting, said Mary Landesman, ScanSafe senior security researcher. Many of the attacks trace back to China.
"It was a different world just a year ago," she said. "The advice has always been to avoid unknown and bad sites and to stick with known, trusted sites. In this current environment, the site that's likely to harm you is that known, legitimate site."
The availability of automated and often free attack tools is largely to blame for the surge in website compromises, Landesman said.
"It's the financial opportunity of a lifetime for would-be attackers. They get the tools for free, compromise sites with no coding skills required, and deposit backdoors and password stealers onto people's systems," she said, adding that attackers then auction off the stolen information.
ScanSafe based its report on malware it blocked for corporate customers. Landesman said for normalization purposes, the analysis studied the same set of customers for May 2007 and May 2008. The data provides perspective on the actual risk because it is based on sites that corporate users are visiting, she added.
Some pages of retail giant Wal-Mart's website were among the latest victims in the latest round of SQL injection attacks. In a blog posting Tuesday, Landesman said that a visitor shopping for an inexpensive art print could have encountered a malicious Shockwave Flash (SWF) file exploiting Adobe Flash Player vulnerabilities. Wal-Mart quickly fixed the pages, she said.
"When you have a site that's as large as Wal-Mart from a corporate standpoint, it really underscores the susceptibility that all sites have to these attacks," she added. Other sites compromised this year include the United Nations, Nature.com, and Honda Thailand.
An unusual aspect in the attacks affecting Wal-Mart is the number of malicious domains involved – at least 20 and most registered on May 28 and 29, she said. Instead of just referencing a single malware host, the attacks might embed references to multiple malware domains.
In April, researchers at antivirus company Sophos released a report that showed a dramatic increase in Web-based threats this year. In the first quarter, Sophos researchers discovered a newly infected Web page every five seconds, three times more than last year. Seventy-nine percent of the sites were legitimate ones that were hacked.