Websense and IBM released security reports this week covering topics from spam to research on the impact of publicizing software vulnerabilities.

In his Security Fix blog post, Brian Krebs continues his coverage on badware distribution, prompted by the release of the report from Websense that includes data from the 40 million websites scanned hourly to collect computer security data. According to the Websense report, three quarters of all web sites containing badware, malicious downloads, are legitimate sites that have been hacked, and 60 of the Top 100 most visited websites have at one point during the last year “either hosted malware or forwarded visitors to malicious sites.”

Krebs writes that spam is still a major conduit to disseminate links to dangerously hacked websites:
bq. According to Websense, nearly 30 percent of those links lead to sites that try to plant software which steals passwords and other sensitive data from victims. The remainder of the spam links attempt to install software that lets attackers control the systems from afar, and/or install additional software without the owner’s knowledge.

Badware authors target legitimate sites, using the prior relationship of trust established between that website and computer users to find holes in security system. Users who are familiar with programs such as NoScript, which blocks Javascript, Java, and Flash from executing without express permission of the user, will know that it is possible to allow scripts for specific trusted websites.

Network World’s Ellen Messmer discusses results from both of the reports. The IBM report tracked statistics relating to 3,534 disclosed software bugs. Messmer writes that “[a]ccording to IBM, 95% of all browser-related online exploits occurred within 24 hours of official vulnerability disclosure.”

On a more positive note, the IBM report finds that the incidence of image spam has been reduced, which has forced spammers for now to return to earlier methods. Yet spam and badware are driven by innovative badware writers, who work hard to stay ahead of security researchers. These reports highlight how important it is for computer users to be aware and use aggressive caution. Krebs recommends two excellent pointers to maintaining the sanctity of your computer:

1. Disable automatic downloads.
2. Browse the internet while using a User account that does not allow downloading or changing passwords or computer keys. This tip is applicable in any operating system, and protects users from absent-minded clicks that may lead to future infestation.