Number of Malware-Infected Websites Tops 1 Million


Research from the IT security vendor Dasient conducted during the second quarter finds that the number of websites infected with malware has topped 1 million.

According to Dasient CTO Neil Daswani, the company's research found more than 200,000 different variants of malware on 1.3 million websites, and that 74 percent of these infections involve JavaScript.

The rise of JavaScript as a vehicle for delivering malware, said Daswani, does not bode well for websites that use JavaScript to integrate third-party components and widgets.

Daswani surmises that the economic downturn is boosting the number of idle developers being lured into cyber crime.

Many of the attacks detected by Dasient, which makes software to detect "malvertising" in Web advertisements, are hiding in advertisements that are easily spread through ad networks. In many cases, the owners of ad networks are responding rapidly to these issues, but the average life of a malware ad on the Web is still 11.5 days, he said. A majority of those ads tend to be launched on the weekend, said Daswani, when most IT staffs are less vigilant about the security of their sites.

Beyond deploying security software to deal with this issue, Daswani recommends that sites only use components and widgets that have been validated by a developer's signature that they recognize.