Attackers are using free personal Web hosting sites provided by nationally- and internationally-known ISPs to store their malicious code, and to infect users with worms, viruses, and spyware, a security firm said Monday.

Websense, a San Diego, Calif.-based Web security and content filtering vendor, has detected a big jump in the use of personal hosting sites, said Dan Hubbard, the company’s senior director of security and technology research.

“The growth of this trend is alarming,” said Hubbard. “July has seen a major boom. In the first two weeks alone we found more instances than in May and June combined.”

In the first half of the month, Websense found more than 500 free hosting sites created to spread keyloggers alone, Hubbard added. Since the beginning of the year, it’s uncovered more than 2,500 such sites.

Although the hosted sites purport to offer up everything from online journals and photo albums to blogs and greeting cards, they all have one thing in common, said Hubbard. “Some type of automation was used to set all of them up, and fairly easily, too.” Because they’re free and easily created, they’re considered disposable by the attacker. The average lifespan of such a site, said Hubbard, was between two and four days. They’re attractive for other reasons as well.

Hackers Spreading Spyware From Free Personal Web Sites