In the first half of 2009, 77 percent of Web sites with malicious code are legitimate sites that have been compromised. This high percentage was maintained over the past six months due in part to widespread attacks including Gumblar, Beladen and Nine Ball which aimed to compromise trusted and known Web properties with massive injection campaigns.
Efforts to self police Web 2.0 properties have been largely ineffective. Websense research shows that community-driven security tools used on sites like YouTube and BlogSpot are 65 percent to 75 percent ineffective in protecting Web users from objectionable content and security risks.
The "dirty" Web is getting dirtier: 69 percent of all Web pages with content classified as objectionable also had at least one malicious link. This is becoming even more pervasive, as 78 percent of new Web pages discovered in the first half of 2009 with objectionable content had at least one malicious link.
The Web continues to be the most popular vector for data-stealing attacks. In the first half of 2009, 57 percent of data-stealing attacks are conducted over the Web. 37 percent of malicious Web attacks included data-stealing code, demonstrating that attackers are after essential information and data.
The convergence of blended Web and email threats continues to increase. Websense reports that 85.6 percent of all unwanted emails in circulation during this period contained links to spam sites and/or malicious Web sites. In June alone, the total number of emails detected as containing viruses increased 600 percent over the previous month.