The Web now hosts an “unprecedented” number of threats, according to a report recently released by Sophos. In the first quarter of this year, Sophos researchers discovered a newly infected Web page every five seconds, three times more than last year.
What’s especially unsettling is that a whopping 79% of these sites are legitimate ones that have been hacked. Sophos cites a March attack on a European soccer ticket site that tried to infect visitors’ computers and a February attack on UK broadcaster ITV that targeted Windows and Mac users. The top two malware threats found on the Web, Mal/Iframe and Mal/ObfJS, are used by criminals to infect Web sites by exploiting vulnerabilities, according to Sophos, a maker of antivirus software and other products.
The U.S. was the top country hosting Web-based malware in the first quarter. This year, it was responsible for hosting 42% of infected websites, up from last year, when it hosted less than 25%.
But while the number of infected Web pages is up this year, Sophos researchers tracked a decrease in the number of infected emails. One in every 2,500 emails was infected, a 40% drop from last year. Instead of sending a malicious attachment, criminals are sending links to compromised websites.