Hackers hit top websites to make thousands of security compromises

Hackers are increasingly taking advantage of weaknesses in web applications and plug-ins to turn legitimate websites into a source of malicious code, according to a report issued today by Symantec.

Share

Hackers are increasingly taking advantage of weaknesses in web applications and plug-ins to turn legitimate websites into a source of malicious code, according to a report issued today by Symantec.

The latest Symantec Internet Security Threat Report has found that Web-based threats, such as botnets, have become widespread and more sophisticated.

The security firm logged over 1.6 million new threats in 2008 which nearly account for 60 percent of all signatures that it has created to date.

"As malicious code continues to grow at a record pace we're also seeing that attackers have shifted away from mass distribution of a few threats to micro-distribution of millions of distinct threats," said Stephen Trilling, vice president at Symantec Security Technology and Response.

Legitimate websites can sometimes host malicious code, Symantec warned. "In the case of a popular, trusted site with high traffic, this can yield thousands of compromises from a single attack," said the Symantec report. Websites operated by the United Nations and the British government were used last year to deliver malicious material to visitors without their knowledge, the report said.

In its EMEA report, which highlights findings from Europe, the Middle East and Africa, Symantec said it had observed an average of 32,188 active bots per day in the EMEA region in 2008, a 47 percent increase from 2007, when 21,864 active bots were detected.

For the second year running, the UK had the second highest level of malicious online activity in the Europe, with 11 percent of the region’s total. Germany topped the league with 14 percent.