According to a report antivirus vendor Sophos says it detects one Web page with malicious content every 5 seconds--a trend that is up 300 percent from 2007. security veteran Graham
SophosLabs has issued the July 2008 edition of its regular Security Threat Report.
One of the major themes of the year has been the increase in web-based malware threats, in particular SQL injection attacks, with the labs discovering some 16,173 new infected webpages every day - one every five seconds.
A lot of the media coverage for the report has focused on a tiny part of it: our statistic showing that 2% of the malware is hosted on Blogspot.com. If you think about it, Blogger/Blogspot’s position is probably not surprising - it’s a phenomenally popular platform for people to create their own webpages (blogs), and gives internet users the ability to comment on other people’s blogs. Inevitably, there are ne’er-do-wells out there who will try and abuse a great service like that, and try and plant malware and malicious links. For its part, Google - the company who own Blogspot - takes security seriously, and works hard to shut down webpages serving up malware.
There’s much more in the full report grab yourself a free copy.
Tricks used by criminal hackers include using simple HTML code to place via SQL-injection a 1x1 pixel element (about the size of a pin prick) on an infected page. In loading the page, the Internet browser would then contact a server running exploit scripts and malicious code. But because the sites are legitimate, some security vendors struggle with blocking infected Web pages.
A spokeperson for Google said "Google takes the security of our users very seriously, and we work hard to protect them from malware. Using Blogger, or any Google product, to serve or host malware is a violation of our product policies. We actively work to detect and remove sites that serve malware from our network."