A new report by analyst firm Forrester Research has again highlighted the
growing threat to firms of their web sites being infected by malware and their
brands being abused in sophisticated phishing attacks.
The Threat Report: 2007 and Beyond, set for launch at this week’s Forrester
Security Forum EMEA event in Amsterdam, notes that where malware was once
prevalent only on questionable web sites, it is now frequently found on trusted
domains.
“There are countless examples where trusted sites have been compromised to
host malware, or code that will redirect the user to a malware site,” said
report author Chenxi Wang. “It’s important for operators of trusted sites to be
extremely vigilant about the security of their sites so that there is no
possibility they could be compromised.”
For sites with large quantities of user-generated content, Wang recommended
automated scanning tools to check if any content being uploaded contains
malware.
Another conclusion of the report is that firms’ brands are more at risk than
ever before from phishing attacks. The new anti-phishing toolbar in IE7 will help
users to a certain extent, but to “eradicate phishing completely will require a
shift in user behaviour to greater vigilance,” said Wang.
But Wang warned that internet service providers are unlikely to take a more
proactive stance in scanning traffic for phishing sites and malware because of
the risk of false positives, and the degradation of service that may result.
The report also highlights the sophistication of the criminal networks which
write and disseminate malware for profit, describing the various players in the
chain, from malware producers through botnet operators to attack launchers.
“A question I raised in the report is ‘what can the good guys do to disrupt
this underground economy and break the economic chain to turn things to our
advantage?’,” said Wang.