The half yearly security threat report released by IT security and control firm Sophos reveals dangerous trends in cyber-crime.  The major area of concern is malicious web pages.  As web 2.0 sites become more and more popular cyber criminals are increasingly turning to web pages as an easy entry point to targeted computers.

In 2007, SophosLabs discovered one new infected webpage every 14 seconds. In the first six months of 2008 that figure rose to one every five seconds, or an average of 16,173 malicious webpages every day – and 90 percent of these webpages are on legitimate sites which have been hacked.  This is a major issue as sites of many Fortune 500 companies and educational institututions were compromised with injected malware.  The websites of Cambridge University Press and Association of Tennis Professionals (ATP) are among the prominent websites that were hacked this year.  The report states that In June 2008 Blogger (Blogspot.com) was responsible for hosting 2 percent of the world’s web-based malware, making it the primary host of malicious code worldwide.

The report also highlights the threat in emails received. Although the number of emails containing malicious attachments has declined, many emails contain links to malicious webpages.  Rather than incorporating malware into the email in a form of an attachment, cybercriminals are using unsolicited email, or spam, to provide links to compromised websites.

The report also brings to focus the danger of targeted malware attacks.  Like spear-phishing, targeted malware attacks are small-scale, usually sent as if from a member of your own company (in other words somebody you are more likely to trust), and typically designed to get the user to click on an infected email attachment.