The overall number of malicious websites rose by 46 percent last year according to a new study which found that 39 percent of attacks included data-stealing code, "demonstrating that attackers are after essential information and data."
The findings were reported by Websense in its State of Internet Security, Q3-Q4, 2008 white paper, which details how some 70 percent of the top 100 most-visited websites — including social networking sites and search engines — contain malicious content or a link that redirects visitors to a malicious website; representing a 16 percent increase in these infections over the first half of 2008.
This revelation may come as quite a shock to diligent surfers that avoid the Internet's "bad neighborhoods" and lesser-known websites in hopes of remaining unharmed in the face of hackers and identity thieves. According to one media report, "distinguishing between legitimate and illegitimate websites increasingly appears to be meaningless."
Popular websites are frequently targeted by hackers using a variety of means and exploits including iframe and MySQL injections. The report also cites spam emails as a source of online attacks.
According to the report, porn spam is making a dramatic comeback; with a 94 percent increase in the last half of 2008. Despite the growth, porn spam still only accounts for less than 10 percent of all unsolicited commercial emails.
The Websense report also claims that nearly 85 percent of emails sent in the latter half of 2008 were spam, and of those, 90 percent of them contained links to malicious websites.
According to Websense Security Labs, report data is based on its patent-pending Websense ThreatSeeker Network, which it claims to be "the world's first Internet HoneyGrid … [using] hundreds of technologies including honeyclients, honeypots, reputation systems, machine learning and advanced grid computing systems to parse through more than one billion pieces of content daily, searching for security threats."