A study recently conducted by Sophos revealed that Pharming scams have increased sixfold since the beginning of this year. In addition, about 80% of all malware based on the web comes from legitimate sites that have been compromised. Facts and figures like these just go to show you that you can never be too careful when surfing the web. No matter if a site looks legitimate or not, always make sure you have updated security signatures and software on your system.

The number of infected Web pages has soared nearly sixfold since the first of the year, according to security company Sophos PLC.

Detailed in a just-released threat report, the spike shows just how widespread Web attacks have become, Sophos said today. In June, the company detected an average of almost 30,000 newly-infected pages each day; earlier in the year, the tally was as low as only 5,000 new pages daily.

The vast majority of pages serving up malicious content are in fact hosted on legitimate Web sites, Sophos also said. About 80% of all Web-based malware is on innocent, albeit compromised, sites.

A recent example: The June attacks launched from a collection of more than 10,000 legitimate Web sites, the bulk of them hosted on Italian servers. The servers were compromised using an unknown vulnerability, then loaded with Mpack, a multiple-exploit tool kit that hackers deploy to hijack PCs visiting those sites.

“It begs the question as to why Web hosts are not taking the necessary steps to properly secure their servers,” said Graham Cluley, senior technology consultant at Sophos, in a statement. “Simple measures such as keeping up to date with security patches will go a long way towards thwarting this problem; the fewer holes in server setups, the lower the risk of infection.

“Hosts not behaving responsibly must bite the bullet and take better care of their sites,” he said.[more]

Tags: Malware, Websites