According to a new Websense report on security threat trends, a staggering 95 percent of all "user-generated comments" for blogs, chatrooms and message boards online are spam or malicious.
"That's the first time we started monitoring that," says Patrick Runald, Websense senior manager for security research, about the level of spam and malware ploys carried out around blogs and chatrooms.
The Websense Security Labs "State of Internet Security Q1 - Q2 2009," which covers the period up to June of this year, also notes that the number of malicious websites for the period more than tripled. In addition, 77 percent of websites with malicious code are said to be legitimate sites that have been compromised.
"The bad guys are finding new ways for disseminating malware," Runald said. "It's getting worse."
According to the Websense Security Labs report, based on data collected in part from scanning 40 million websites every hour, 61 percent of the Top 100 sites are said to either be hosting malicious content or containing a masked redirect to lure unsuspecting victims from legitimate sites to malicious ones.
More than 47 percent of the Top 100 sites, particularly social-networking sites, such as Facebook or YouTube, support user-generated content, which the report notes is becoming a significant way to disseminate malware and conduct fraud.
"On Facebook and other social-networking sites, there's an explicit sense of trust," says Runald. "That's why the bad guys are attempting to exploit it, with malware like Koobface, which could hijack your machine and send messages."
In the area of cybercrime, one significant attack that took place involved criminals seizing control of the CheckFree website and attempting to re-direct users to a website hosted in Ukraine that tried to install malware on victims' computers. The report said CheckFree has more than 24 million customers and controls 70 percent-80 percent of the online bill-payment market.