Over half of them had malicious JavaScript code injected

Oct 28, 2009 12:15 GMT
Dasient reports that 5.8 million Web pages were infected in Q3 2009

According to statistics released by a Web security vendor, the third quarter of 2009 was characterized by a spike in Web-based malware infections. In total, over 640,000 sites, amounting to 5.8 million web pages, were infected by 52,000 distinct threats during this period.

The report was released by Dasient, a company based in Palo Alto, California, and reflects data gathered through its Web Anti-Malware (WAM) service. "Based on the telemetry data we've gathered from the web, we estimate that more than 640,000 sites and approximately 5.8 million pages were infected in the quarter," writes Ameet Ranadive, co-founder of the company and former strategy consultant at McKinsey.

This number represents a significant increase over previous estimates. Microsoft's Security Intelligence Report for the last half of 2008 placed the number of infected pages at around one million per month, half of the average number of monthly infections reported by Dasient for Q3 2009.

The company's Web Anti-Malware (WAM) platform was launched in mid-June and has so far identified over 72,000 unique Web-malware infections. Over 70% of these (52,000) were discovered in the third quarter of this year.

Mr. Ranadive explains that this "has been accelerated by the fact that using legitimate sites as a delivery method enables attackers to infect large numbers of endpoints at once, and by the trend toward increasing complexity in and interoperability between websites and web applications (which is in turn opening up more and more attack surfaces)."

As far as infection types go, 54.8% consisted of rogue JavaScript code injected into pages. Another popular form of web compromise, iFrame injection, accounted for 37% of attacks, while 8% were of other types, including the recently observed malicious advertisements (malvertisements).

The rate of reinfection was also unusually high during this period, estimated at 39.6%. Some of the factors responsible for this are the large number of available attack vectors and better obfuscation techniques, such as the dynamic generation of SRC attributes, which might prevent webmasters from discovering all infections.
