Spam, malware dominate online user comments, Websense reports

A staggering 95% of all "user-generated comments" for blogs, chat rooms and message boards online are spam or malicious, according to a new Websense report on security threat trends.

"That's the first time we started monitoring that," says Patrick Runald, Websense senior manager for security research, about the level of spam and malware ploys carried out around blogs and chat rooms.

The Websense Security Labs "State of Internet Security Q1 – Q2 2009," which covers the period up to June of this year, also notes that the number of malicious Web sites for the period more than tripled. In addition, 77% of Web sites with malicious code are said to be legitimate sites that have been compromised.

"The bad guys are finding new ways for disseminating malware," Runald said. "It's getting worse."

According to the Websense Security Labs report, based on data collected in part from scanning 40 million Web sites every hour, 61% of the Top 100 sites are said to either be hosting malicious content or containing a masked redirect to lure unsuspecting victims from legitimate sites to malicious ones.

Facebook, YouTube become malware magnets

More than 47% of the Top 100 sites, particularly social-networking sites, such as Facebook or YouTube, support user-generated content, which the report notes is becoming a significant way to disseminate malware and conduct fraud.

"On Facebook and other social-networking sites, there's an explicit sense of trust," says Runald. "That's why the bad guys are attempting to exploit it, with malware like Koobface, which could hijack your machine and send messages."

In the area of cybercrime, one significant attack that took place involved criminals seizing control of the CheckFree Web site and attempting to re-direct users to a Web site hosted in Ukraine that tried to install malware on victims' computers. The report said CheckFree has more than 24 million customers and controls 70%-80% of the online bill-payment market.