Cisco researchers have warned about the widening threat of profit-driven web criminals, reporting a 90 per cent increase in the growth of threats coming from legitimate domains.
In its Annual Security Threat Report, Cisco also found that exploited websites were now responsible for more than 87 per cent of web-based threats.
It quoted research from security audit provider White Hat Security, which said that 79 per cent of these websites hosting malicious code were legitimate websites that had been compromised.
In 2008, the increase in malicious or infected websites meant that it was much more common for users to fall victim to hosting exploits that were looking for weaknesses in the user's browser or operating system.
Once the exploit found a suitable weakness, it would start to download malware in the background.
Visitors were often falling victim because they tended to trust legitimate websites fully, as they will often have read content or performed transactions with them before.
Popular methods which Cisco talked about were iFrame exploits, SQL injection, cross-site scripting and cross-site request forgery.
Patrick Peterson, Cisco chief security researcher, said: "Every year we see threats evolve as criminals discover new ways to exploit people, networks and the internet.
"This year's trends underscore how important it is to look at all basic policies and technologies."
Cisco and Peterson also released two video blogs in support of the report, which gave brief descriptions of two other key threat trends which gained prominence in 2008.
Botnets
Reputation hijacking
The full report is available here.
