Online security firm Websense has revealed the findings from its latest bi-annual research report, which looked at the state of Internet security for the first half of 2010. It found that 79.9% of websites with malicious code are legitimate sites that have been compromised (up from 71% in H2-2009) and 84.3% of all emails were SPAM (down from 85.8%).

Websense used its ThreatSeeker™ Network to discover, classify and monitor global Internet threats and trends. Every hour, it scans more than 40 million websites and 10 million emails for malicious code and unwanted content (spam). We've summarised the major findings below.

Website Security

* Websense Security Labs identified a 111.4% increase in the number of malicious websites from 2009 to 2010.

* 79.9% of websites with malicious code were legitimate sites that have been compromised— an increase of 3% from the last previous period.

* Searching for breaking trends and current news represented a higher risk (22.4%) than searching for objectionable content (21.8%).

* The United States was the top country hosting phishing sites in 2010.

Email Security

* 84.3% of email messages were spam - a 0.7% decrease over last year.

* 89.9% of all unwanted emails in circulation during this period contained links to spam sites or malicious websites - an increase of 4% over 2009.

* Shopping remained the leading topic of spam (12%), although it dropped by 13%. This correlates nicely with economic consumer spending trends, since the recession caused some shoppers to ease back on spending.

* Pump and dump (10%) and education-related (9%) spam emails were also popular. Pump and dump spam is intended to get victims to buy stocks to artificially drive up the stock price, making a neat profit for the spammers who bought the stock at a low price.

* 9% of data stealing attacks happened over email.

Data Security

* The United States was the #1 country were malware connected on the Web.

* pc-optimizer.com was the #1 host of data stealing code in 2010.

* 52% of data stealing attacks occurred over the Web.

* Concerns about accidental data loss have become a front burner issue for many organizations in 2010.

* The United States and China continued to be the top two countries hosting crimeware and receiving stolen data during 2010. The Netherlands has found its way into the top five.

The report showcases how in today's internet landscape, legacy defences simply don't work. Thankfully most people do now have anti-virus, firewalls and proxies installed, but that isn't always enough.

Threats are no longer binary files delivered in attachments, they are script-based attacks and they are embedded in rich media like Flash. And many spread rapidly on the social Web. Reputation filters provide zero security for threats delivered via top “legitimate” websites like Google, Facebook, and YouTube, where 80% of Web traffic goes.