There has been a 233 per cent growth in malicious sites in the last six months, while a 671 per cent increase was recorded in the last year, reveals Websense Security Labs in its bi-annual research report on Internet security.

In the first half of 2009, 77 per cent of websites with malicious code were legitimate sites that had been compromised, the report says. “Web 2.0 sites allowing user-generated content are a top target for cyber criminals and spammers. Websense Defensio technology enabled Websense Security Labs to identify that 95 per cent of user-generated comments to blogs, chat rooms and message boards are spam or malicious,” said the report.

Efforts to self-police Web 2.0 properties have been largely ineffective. Websense research shows that community-driven security tools used on sites like YouTube and BlogSpot are 65 per cent to 75 per cent ineffective in protecting Web users from objectionable content and security risks. “About 69 per cent of all webpages with content classified as objectionable had at least one malicious link. This is becoming more pervasive, as 78 per cent of new web pages discovered in the first half of 2009 with objectionable content had at least one malicious link,” the report adds.

Websense found that 37 per cent of malicious web attacks included data-stealing code, demonstrating that attackers are after essential data.

Websense chief technology officer Dan Hubbard said, “The last six months have shown that malicious hackers and fraudsters go where the people are on the web and have heightened their attacks on popular Web 2.0 sites and continued to compromise trusted sites in the hope of infecting unsuspecting users. From malicious Twitter spam campaigns and blog comment spam to injection attacks, those perpetrating fraud are exploiting the users’trust of known Web properties.”