As a follow-up to our article “What You Need to Know About Malvertising:” Dasient saw a spike in the number of websites hosting malware in Q2 of this year, according to the security-as-a-service company’s Q2 Malware Report. According to Dasient, over 1.3 million web sites host malware – more than twice as many as the company found in Q2. Also, malvertising campaigns tend to start on weekends, javascript based attacks are on the rise and ASP pages are increasingly targeted.
Dasient is quick to point out that in the case of attacks on ASP pages, correlation doesn’t imply causation. But it does recommend increased attention to ASP based pages when configuring security systems such as Dasient’s service and/or web application firewalls such as Breach WebDefend, Citrix Netscaler, and Imperva SecureSphere.
JavaScript injections grew by 19% while iFRAME injections decreased by 11%. Dasient credits the change with to the amount of access JavaScript can give hackers to a victim’s browser: DOM elements, page referrer information and cookies.
Dasient notes that malvertising campaigns have a tendency to start on weekends when IT staff are less likely to respond quickly to an outbreak.
Dasient reiterates the “big three” ways sites get hacked, as reported here previously:
Third-party Widgets – 75% of websites use external JavaScript widgets.
Third-party Advertising – 42% of websites display external advertisements.
Third-party Applications – 91% of websites have some outdated web applications.
Dasient competes with ClickFacts and The Media Trust.