Use of legitimate sites in malicious web attacks

Posted on behalf of Dan Bleaken, Senior Malware Data Analyst, Symantec Hosted Services
The MessageLabs Hosted Web Security Service (WSS) blocks millions of web requests every day to protect users from content that is either malicious or has been determined to be off limits based on company policy.  In a typical week in 2010 Symantec Hosted Services performs about 107 million blocks (up from 90 million per week in 2009), on 5-10 million distinct URLs, for several thousand clients.  That’s tens of thousands of blocks per client per week on average.   
Of these blocked URLs, 99.96% are policy based blocks the biggest proportion of which is for advertising, mostly pop-up ads or auto-forwarding to ads.  Also, Symantec Hosted Services blocks web sites related to Adult/Sexually Explicit material, Violence, Tasteless & Offensive material, Weapons, Criminal Activity, Gambling and Illegal Drugs to name a few.  Clients have full control over what sites are off limits based on company policy. For example, a company whose business is betting/gambling would allow staff to view gambling sites as part of their job.
The remaining 0.04% of blocks is malicious. While this number may seem small, it could realistically translate to many tens of thousands of blocks in a week.  The malicious blocks are tiny in proportion to all blocks but very important as they are of great risk to the client.  Malicious (continue reading...)