Sep 15, 2010 19:36 GMT  ·  By

According to Web security vendor Dasient, a number of 1.3 million Web sites were infected by almost 200,000 different threats during Q2 2010.

"This quarter marks a significant spike in the number of infected websites - almost double the number of the previous quarter. "Hackers have been very busy and are constantly coming up with new attacks," the vendor writes in its latest quarterly report.

In addition, the company points out that this is the first quarter when the number of infected websites has passed the one million mark.

The second quarter was also significant because the large number of new unique infections – over 58,000, of which 43,000 JavaScript and 15,000 IFrame injections.

Overall, the number of JavaScript injections has grown by 19% and that of malicious IFrames has decreased by 11%, clearly suggesting that attackers favor the first.

"JavaScripts have access to the DOM elements in the rest of the page, thereby giving attackers more information and more capability to 'muck' with the page.

"Scripts sourced in via IFRAMEs, by comparison, do not have the capability to access or communicate with the rest of the page," the Dasient researchers explain.

The number of attacks that involve malicious advertisements was also on the rise. The company estimates that 1.6 million malvertisements are served on a daily basis, which is an increase of 20% over a mid-Q2 estimate.

In addition, the lifespan of malvertizing campaigns has increased by over 50% and is now 11.5 days. A tendency to launch such attacks during weekends has also been observed.

The main issues leading to malicious code injections appear to be structural vulnerabilities. According to Dasient's findings, 75% of websites use remote JavaScript widgets, 42% use external advertising services and 91% use outdated third-party applications.

A noteworthy increase in the number of .info malicious domains was also recorded, however .com and .cn remain the TLDs preferred by attackers.