Interesting to read that Websense reckons that a majority of malicious Web sites are now legitimate pages that have been compromised by attackers.
In its report, the IT security firm says that the move means that the numbers of infected legit sites are now surpassing the numbers of sites deliberately created by the hackers.
Websense says that this trend change, which took place in the second half of 2007, poses a serious threat to Netters, as traditional Web site checking systems are not designed to counter legit sites that have been infected.
There is an argument here for behavioural analysis technology, but this presumes that the security software has been programmed to lock down any Web site infections in a few microprocessor cycles, otherwise the users' PC is then infected.
Is there a solution? I suspect that the IT security software gurus are sharpening their developer pens as I write, but unless I'm mistaken, Websense's research effectively spells the beginning of the end for URL checking security software...