Web attacks grow fast, Wal-Mart absorbs a blast

Security researchers are finding no shortage of evidence that Web-based attacks are only getting worse, accelerating at an even greater pace over the last 12 months.

According to a report issued this week by malware filtering specialists ScanSafe, the emergence of new Web attacks increased dramatically between May 2007 and May 2008, including a number of threats that infected popular legitimate sites maintained by large companies, including retail giant Wal-Mart.

At the core of the leap were an "unprecedented" series of compromises that planted hundreds of thousands of malware samples on legitimate sites using malicious scripts and iframes, the company said. Most of the attacks were designed to secretly plant keyword loggers on the machines of unsuspecting site visitors.

During May 2008 alone, users were faced with a three-fold increase in the volume of Web-based malware exposure compared to one year ago, ScanSafe researchers estimate.

Overall, the sheer volume of Web-based threats increased 220%, with the average risk of exposure to such exploits and infected sites jumping by 407% over the past year. Even scarier, the company reported that backdoor and password stealing malware attacks increased 855%, with 68% of all Web-based malware residing on legitimate sites that have been somehow subverted during May '08.