Malware is more likely to come from advertisements on seemingly legitimate sites than on those previously thought to be more dangerous, such as adult content sites or those offering illegal pharmaceuticals, Cisco said in its recently released Annual Security Report [PDF].
"Web malware encounters occur everywhere people visit on the Internet - including the most legitimate of websites that they visit frequently, even for business purposes," Mary Landesman, Senior Security Researcher with Cisco, said in the report. "Indeed, business and industry sites are one of the top three categories visited when a malware encounter occurred. Of course, this isn’t the result of business sites that are designed to be malicious."
Cisco clarified that the presence of malware in advertisements on legitimate business or media sites does not signify any corruption of the site itself. The advertisement is just a portal through which users are exposed to malware that is hosted elsewhere, the report said.
"In malvertising, for example, the encounter typically occurs when visiting a reputable, legitimate website that happens to carry third-party advertising. However, the actual malware intended for delivery is hosted on a completely different domain. Since our data is based on where the encounter occurred, it has no bearing on actual malware origin. For instance, increased popularity of social media and entertainment sites in Denmark and Sweden, coupled with malvertising risks, is largely responsible for increased encounters from sites hosted in those regions but is not indicative of actual malware origin."
Online advertisements were the second-most likely source of exposure to malware, accounting for 16.8% of all malware found in the study, Cisco said. "Dynamic Content" and content delivery networks were at the top of the list, with 18.3%. Business & industry (with 8.15%), online games (6.51%), web hosting (4.98%) and search engines and portals (4.53%) rounded out the top six sources of malware, according to Cisco.
The findings chip away at the common theory, which Cisco called "outdated," that less mainstream websites are more likely to spread malware to those visiting them.
"The top 20 website categories are absent of sites typically thought of as malicious. There is a healthy mix of popular and legitimate site types such as online shopping (#8), news (#13), and SaaS/business-to-business applications (#16)."
Not surprisingly, Cisco attributed the shift of malware toward mainstream sites and banner ads to an attempt by cybercriminals to target the pockets of the web that attract the largest and most active audiences.