Sex sites out, IT sites in for cybercrooks planting malware


Cybercriminals have long loaded compromised websites with malware-laden links to snare victims, but where sex sites were once the favored hosts, the favored type of website now is information technology, according to analysis in the Websense threat report out today.

According to analysis based on its ThreatSeeker technology and other means, 85% of malicious Web links last year were found on legitimate hosts that had been compromised, up from 82% the year before. Cybercriminals are finding the value in infiltrating computers of enterprises by subverting anything remotely related to information technology, from vendor websites to content like blogs and news, says Chris Astacio, research manager at Websense.

In addition, businesses today that do Web filtering are usually blocking access to porn and gambling sites, whereas they're reluctant to limit access to any site related to IT because it might cut into productivity. After the category of "information technology," the most targeted websites for malware links were for "business and economy."

The top countries hosting malware are the United States, the Russian Federation and Germany, the report points out. The top three "victim" countries are the U.S., France and the United Kingdom. Spam remains the attacker's route to reach victims, with only 1 in 5 emails considered safe or legitimate, according to the Websense report. The U.S. was also the top country for hosting phishing emails last year, followed by the Bahamas and Canada.

Once a victim's machine has been compromised, the attacker is likely to transfer sensitive information out of the enterprise network through a system of so-called command and control (CnC) servers. In examining where these have been seen, Websense used a customized sandboxing method to detect attempted attacks against its customers. According to Websense, the top countries hosting CnC servers are China, the U.S. and Russia, which together are said to account for about half of all detected activity of this kind.

Ellen Messmer is senior editor at Network World, an IDG publication and website, where she covers news and technology trends related to information security. Twitter: @MessmerE.
