Trusted Web Site? Not So Fast

It's not been a great year for Web security, so far. First we learn that <a href="http://www.informationweek.com/showArticle.jhtml;jsessionid=K2W1RSXSTB1REQSNDLRSKH0CJUNN2JVN?articleID=205900444&queryText=hacker-safe">HackerSafe</a> isn't so hacker safe, after all. Then we find out that hackers have found a way to automatically redirect most home routers to wherever they <a href="http://informationweek.com/blog/main/archives/2008/01/driveby_pharmin.html;jsessionid=K2W1RSXSTB1REQSNDLRSKH0CJUNN2JV

1 Min Read
Dark Reading logo in a gray background | Dark Reading

It's not been a great year for Web security, so far. First we learn that HackerSafe isn't so hacker safe, after all. Then we find out that hackers have found a way to automatically redirect most home routers to wherever they wish. And now it seems that so-called legitimate Web sites may not be so "legitimate" (or at least safe) after all.It's apparently so easy to infect existing Web sites that there's decreasing need for criminals to set up shill sites. At least that's the takeaway from a recent report published by security vendor Websense, which attempts to examine security trends for the second half of last year.

In fact, 51% of Web sites infected with malicious code are actually legitimate, but compromised, Web sites. This is actually a stark increase from the 30% or so of infected legitimate sites the company reported for the first half of 2007.

So this means that miscreants -- because the Web site security and development practices of conventional businesses are negligent -- don't even have to go through the trouble of developing and hosting a Web site, or even the bother of deluging everyone with spam designed to lure folks to a Web site trap.

No, all they have to do is find a trusted site that's already vulnerable. And that, unfortunately, seems all too easy.

About the Author

George V. Hulme, Contributing Writer

An award winning writer and journalist, for more than 20 years George Hulme has written about business, technology, and IT security topics. He currently freelances for a wide range of publications, and is security blogger at InformationWeek.com.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights