Majority of Top 100 Websites Host Malicious Content

A majority of the top 100 websites hosted either malicious content or masked redirects according to a Websense report.

Summarizing its significant findings during the six-month period ending in December 2008.

The highlights are:

Web Security

  • 77 percent of Web sites with malicious code are legitimate sites that have been compromised.The number of malicious Web sites identified by Websense Security Labs from January first, 2008 through January first, 2009 has increased by 46 percent.
  • 70 percent of the top 100 sites either hosted malicious content or contained a masked redirect to lure unsuspecting victims from legitimate sites to malicious sites.
  • This represents a 16 percent increase over the last six-month period.

Messaging Security

  • 84.5 percent of email messages were spam. This represents a 3 percent decrease over the last six months.
  • 90.4 percent of all unwanted emails in circulation during this period contained links to spam sites or malicious Web sites. This represents almost a 6 percent increase in emails containing malicious links to compromised sites.
  • Shopping remained the leading topic of spam (22 percent), followed closely by cosmetics (15 percent) and medical (14.5 percent). This remained consistent over the last six months.
  • Pornography-related spam increased sharply by 94 percent, but still only represented 9 percent of all email spam. 6 percent of spam messages were phishing attacks, representing a 33 percent decrease over the last six months.
  • This represents a change in tactics as spammers concentrated on data-stealing Trojan horses and DNS poisoning tactics to lure victims to malicious sites.

Data Security

  • 39 percent of malicious Web attacks included data-stealing code.
  • 57 percent of data-stealing attacks are conducted over the Web.
  • This represents a 24 percent increase over the six-month period.

The full report is here