Most Attacks Come from Legit but Hijacked Sites
Web attacks are routinely hosted by actual sites infected and acting as zombies, security firm warns.
John E. Dunn, Techworld.com
Data taken from the days between May 4 and 8 showed that 84.6 percent of Websites blocked by the company for hosting malicious content were 'well-established' domains that have been around for a year or more.
During the same period, 10.2 percent of blocked domains were less than a year old and only 3.1 percent were less than a week old.
At first glance this, this runs counter to the assumption that malicious Websites more commonly exist for only days or hours in some cases, the better to avoid detection and filtering. This is termed "fast-fluxing," cycling websites through a maze of bogus sub-domains.
However, according to MessageLabs, the likely explanation is that a move to genuine domains means that the fast-fluxing has now migrated to use a different part of the domain tree.
"The bad guys will compromise the DNS and add sub-domains," said MessageLabs' Paul Wood. The recent figure represented a high mark, admitted Wood, but still represented a gathering storm.
"People need to be extra vigilant and understand that even sites they know and trust can be compromised through attacks such as SQL injection attacks, while businesses need to ensure they take the necessary precautions to block all the latest malicious sites," said Wood.
"With the ever advancing world of cybercrime, nothing can be taken at face value."