The emerging trend of malware embedded sites
Malware embedded web sites are steadily gaining priority in the attacker’s arsenal of infection and propagation vectors, and we’ve been witnessing the trend for over a year and a half now. Malware authors seem to have found an efficient way to hijack, inject and exploit legitimate sites or Web 2.0 services in order to serve an obfuscated payload that no longer relies purely on social engineering tactics, but exploits unpatched client-side vulnerabilities to infect visitors. Malware authors also seem to have started thinking like true marketers: a visitor will go through a potentially malware embedded site only once and won’t return given the lack of content (blackhat SEO garbage). So they’ve stopped relying on a malicious site exploiting a single vulnerability only, and started hosting multi-browser, multi-third-party malware embedded sites, thus achieving malicious economies of scale.
Here’s a great summary courtesy of Sophos showcasing the increasing number of sites with malware embedded payload: