Bit9

Ellen Messmer of Network World has interviewed Stephan Chenette, manager of the Websense Security Labs. He said that "Sixty percent of the of 100 most-popular Web sites have been hosting malicious code or inadvertently distributing it." Even more disturbing is that "75% of malicious Web sites in general are actually legitimate Web sites that are compromised." That's a huge jump from last year when Websense surmised that number stood at 51% and a testament to the effectiveness of Sql Injection attacks.

Quite a few popular Web sites were listed as inadvertently hosting malicious code during the last half of 2008 including CNET.com, MSNBC.com, ZDNet.com, Wired.Com, News.com, Yahoo.com, Excite.com and perl.com."

Not much detail was given, but it was cited that banner ads distributed by Yahoo's network were used for malicious code. If you look at comScore's Ad Network June propagation report, this can indeed be eyebrow rising. Top five add distribution networks (AOL, Yahoo, Google, SpecificMedia, ValueClick) have each a reach of over 75% of 190M unique Internet users tracked by comScore.

We need better protection from injections against trusted web sites and trusted advertising networks. All web based exploits require writing of payload to your local file system, be it rootkit or trojan components. These elements are unknown and unwanted. Any Application Whitelisting solution will be able to help you in determining which files are new and unknown. That should be our model from defending ourselves from increasingly complex web-based attacks. It will not be long before web-based attacks migrate inside of flash and flex widgets and start heavily using AJAX technologies.