It's good to say goodbye to April - it was a busy month of malware. As noted, the SQL injection attacks represented 12% of all ScanSafe malware blocks for the month. But that 12% pales when one considers that blocks in April were up 35% overall (and that's on top of an increase seen in March). What's driving the increases are large (very large) numbers of middle tier sites which have been apparent victims of stolen FTP credentials. The stolen credentials have been having ballooning impact.

All of this is having an enormous impact on web surfers. Because while individually these middle tier sites may not pack in the visitors, collectively they make up the long tail of the Web and account for the bulk of all Web traffic. In April alone, 49% of customers, or a ratio of 1:2 customers innocently accessed one of these impacted sites (of course, protected by ScanSafe throughout).

We'll be sending out more details about this ongoing attack in the coming week.