July 24, 2013, 2:22 PM — Cyber-criminals are compromising websites at hosting companies at an ever more furious rate, exploiting them to host dangerous content and send spam via compromised accounts, according to a threat report released today by messaging security firm Cloudmark.
There are now about 500 websites compromised each day, compared with fewer than 200 each day last year, with several days in May of this year showing an upward spike of over 1,600 new hacked websites each day, according to Cloudmark. The company's analysis is based on the spam filtering it does for about 2 billion mailboxes worldwide.
Research analyst Andrew Conway says Cloudmark believes more than 2,500 hosting companies have hacked domains, with the largest of them having more than a thousand each. In the U.S., the hosting company with the most hacked domains is SoftLayer, now owned by IBM, with more than 6,500 compromised websites currently, he says. In Europe, it's OVH, with more than 3,200 hacked domains.
"This is simply a measure of the fact that these are the largest hosting providers," Conway says. "Any large hosting provider is likely to have dozens or hundreds of hacked domains."
Cyber-criminals use the websites they break into to post content such as porn and malware, drawing in anyone who receives a spam message they send with a link to the compromised website. Sometimes the compromised website is just a place to post a URL redirection to the spammer's landing page.
Breaking into websites at hosting facilities is often fairly easy, according to Cloudmark. "Spammers do not need root access to the account in order to take advantage of it. All they need is a PHP shell, and they exploit a number of different vulnerabilities in order to obtain this access," the report notes.
By far the most common attack technique now is a SQL injection attack in Joomla 1.5, which allows a reset of the admin password, Cloudmark says. "This bug was patched in 2008, but many web sites have not updated their Joomla version since then."
Joomla is a free open-source content management system. Conway says the problem is that this old vulnerability in Joomla 1.5 is a tad awkward to patch. The other major content management system, WordPress, is usually simpler to update, he adds.