Even seemingly safe web addresses are rife with attack code aiming at vulnerable clients, according to a new study from the Honeynet Project. The study also found that methods such as blacklists can be surprisingly successful in stopping client-side attacks.
Attackers are increasingly turning to end-user systems as a way around the antivirus and firewall systems that are increasingly blocking access to traditional attack routes, according to the researchers, who hail from the US, Germany and New Zealand.
"The 'black hats' are turning to easier, unprotected attack paths to place their malware onto the end-user’s machine," they said in the study, called ‘Know Your Enemy: Malicious Web Servers’.
The researchers, using a "high-interaction" client honeypot called Capture-HPC developed by the Victoria University of Wellington in New Zealand, analysed more than 300,000 addresses from around 150,000 hosts.
The study looked at various site categories, including adult, music, news, "warez," defaced, spam and addresses designed to grab traffic from users who mistype common web addresses. While some categories were more likely to contain malicious addresses than others, all contained malicious addresses, the report said.