According to the security company Dasient, over 1.3 million website host malware – a figure up from the previous quarter. The figures, which were released in the companies Q2 Malware Report had some pretty interesting findings:
- Malvertising campaigns usually begin on a weekend with IT staff are out of the office
- Attacks originating from Javascript are on the rise, with javascript injections up 19%
- IFRAME injectors have decreased 11%
- ASP pages are becoming popular targets from attackers
Dasient also released some figures on the top 3 ways websites get hacked:
Third-party widgets
A whopping 75% of all websites are using external Javascript widgets on their websites such as embedded videos, polls and traffic analytics. Service providers are not immune to being comprimised and make good targets for attackers.
Third-party Advertising
Dasient says 42% of websites are serving up some kind of external advertising. When the adverts get compromised it’s referred to as “malvertising”. There have been some high profile cases, even here in Australia with popular eCommerce website DealsDirect.com.au infected with malware via advertisements back in March 2010.
Third-party applications
This last one is very common, and Dasient claims 91% of websites are using some kind of outdated web applications. These include Content Management Systems (CMS), blogging tools, CRMs, forums etc.