The driving force behind malware has shifted to money. Therefore, there is more malware in the wild than ever before. Not only are more people involved in the creation and distribution of malware, but the attacks have grown more sophisticated.

Cyber-criminals have learned how to use Malware in order to turn large profits by:

• Stealing confidential data
• Compromising user login credentials
• Stealing financial information
• Making fraudulent purchases
• Creating spam
• Launching Denial-of-Service attacks

To deliver their malicious software to as many victims as possible, cyber-criminals have turned to websites as one of their primary sources of distribution.

Why Websites?

According to Internet World Stats in 2013, there were 2.7 billion active Internet users^[1], and that number continues to grow. Parallel to this, malicious websites have become so prevalent that in the second half of 2012, an average of approximately 30,000 new malicious URLs were crated every day, an increase of more than 50% in comparison to the preceding year^[2].

How malware spreads through websites

Those responsible for infecting websites with malware do so in one of three ways:

• They create a malicious website of their own.
• They exploit a vulnerability on the web server or in its configuration.
• They exploit a vulnerability in the applications the website relies on.

After an attacker has found a vulnerability that he or she can successfully exploit, the attacker just needs to determine how he or she will deliver malware to the website's visitors.

^[1] http://www.itu.int/en/ITU-D/Statistics/Documents/facts/ICTFactsFigures2013.pdf

^[2] http://www.sophos.com/medialibrary/PDFs/other/SophosSecurityThreatReport2012.pdf