From Ars Technica:
“According to security firm WebSense, the number of legitimate web sites that have been hacked and are distributing or enabling various types of malware attacks is greater than the number of malicious sites created specifically for that purpose. The company’s latest report (PDF) discusses this trend, along with the tremendous impact the Storm Worm had on the ‘Net through all of 2007. As WebSense states, there’s a clear advantage to infecting a legitimate site that comes with its own built-in traffic and a user base.
The type of theft varies depending on the site. Personal data and credit card information are the most obvious acquisition targets, but online gaming account theft and click-fraud are apparently common as well. It’s well known that there are forums, discussion groups, and IRC channels devoted to the topics of which web sites are known to be vulnerable. The problem also runs deeper than simply educating administrators about security vulnerabilities in the software that they use—locating the correct host provider for any particular web space can be difficult, and many sites don’t fall off WebSense’s malicious site blacklist quickly, sometimes remaining there for weeks or even months after being notified of a problem. ”