SophosLabs has issued the July 2008 edition of its regular Security Threat Report, this time looking at the first six months of the year.
One of the major themes of the year has been the increase in web-based malware threats, in particular SQL injection attacks, with the labs discovering some 16,173 new infected webpages every day – one every five seconds.
What has surprised some people is that some 90% of the infected pages are on legitimate sites that have been hacked. Whereas in the past it was possible to tell people to avoid “shady” areas of the web (pornography, gambling, warez), that really doesn’t work anymore. The message should be loud and clear – websites big and small, well-known and obscure, can be a risk to unprotected users.
A lot of the media coverage for the report has focused on a tiny part of it: our statistic showing that 2% of the malware is…
Read more in my article on the Naked Security website.