The latest Security Labs report from Websense has found that Web 2.0 sites are increasingly being used to carry out a wide range of attacks. Efforts to self-police these sites have also been largely ineffective. Websense research showed that community-driven security tools (asking users to report inappropriate content) on sites like YouTube and BlogSpot are 65% to 75% ineffective in protecting Web users from objectionable content and security risks. Their research also discovered that over 200,000 phony copycat sites have been created, all including the terms Facebook, MySpace or Twitter in their URLs. These sites are created in order to take advantage of the huge number of users of social networking sites. Facebook copycat sites lead the sector with more than 150,000 known fake URLs.
Attackers also capitalized on major events during the last six months, such as the economic recession, targeting job seekers and using various exploits to infect victims’ computers. Similarly, celebrities and politics continued to be used as lures by spammers and cybercriminals. At the end of June, the sudden death of Michael Jackson prompted spammers to send malicious email messages that used news of the event as a social engineering technique to lure people to their sites.
Other highlights from the report:
- Websense Security Labs identified a 233% growth in the number of malicious Web sites in the last six months and a 671% growth during the last year.
- 61% of the top 100 sites either hosted malicious content or contained a masked redirect to lure unsuspecting victims from legitimate sites to malicious sites.
- 95% of user-generated comments on blogs, chat rooms and message boards are spam or malicious.
- 87.7% of email messages were spam, representing a 3% increase over the last six months.
- Shopping remained the leading topic of spam (28%), followed closely by cosmetics (18.4%), medical (11.9%) and education (9.5%). Education-themed spam has nearly doubled over the previous period and may be related to the recession, as spammers seek to exploit people looking to gain new skills or obtain fake qualifications to help their job prospects.