Booby-trapped web pages are growing at an alarming rate with
unsuspecting firms acting for nurseries for botnet farmers, according
to a new study. Security watchers at Sophos are discovering 6,000 new infected
webpages every day, the equivalent of one every 14 seconds. Four in
five (83 per cent) of these webpages actually belong to innocent
companies and individuals, unaware that their sites have been hacked.

Websites of all types, from those of antique dealers to ice cream
manufacturers and wedding photographers, have hosted malware on behalf
of virus writers, Sophos reports.

The study sheds fresh light on the well-understood problem of
drive-by-downloads from compromised sites, a tactic that’s come to
eclipse virus-infected email as a means of spreading malware.
Cybercrooks target users by spamvertising emails containing links to
poisoned webpages, exposing unsuspecting victims to malware. At least
one in ten web pages are booby-trapped with malware, according to a
separate study by Google published last May.

Often these malware packages are designed to put compromised zombie PCs under the control of hackers.

Around half a million computers are infected by bots every day
according to data compiled by PandaLabs, the research arm of anti-virus
firm Panda Software. Approximately 11 percent of computers worldwide
have become a part of criminal botnets, which are responsible for 85
percent of all spam sent, it said.

You’ve been iFramed

Compromised sites often contain browser exploits that allow hackers
to push Trojans and the like onto vulnerable PCs. Sophos reports that
the well-known iFrame vulnerability in Internet Explorer remained the
preferred vector for malware attacks throughout last year. China (51.4
per cent) led the US (23.4 per cent) in the net security firm’s list of
malware-hosting countries. The figures represent a reversal from 2006,
when China held second place after the US on the list of shame.

"We would like to see China making less of an impact on the charts
in the coming year. Chinese computers, whether knowingly or not, are
making a disturbingly large contribution to the problems of viruses and
spam affecting all of us today," said Graham Cluley, senior technology
consultant at Sophos.

Via the Register