In the first two weeks of July, the security company's labs saw more than 500 incidents of such attacks, Websense said on Monday. The free services are being abused to install software designed to steal personal information or hijack a victim's PC.
"July has seen a major boom--in the first two weeks alone, we found more instances than in May and June combined," Dan Hubbard, the senior director of security and technology research at Websense, said in a statement.
For the year until mid-July, the San Diego company found a total of 2,500 incidents.
The free services are an anonymous and affordable way for attackers to store and spread their malicious code. In April, Websense reported that blogging services were being targeted by cybercriminals. The company is now warning that other services that offer free Web space--for example, photo album sites, fan sites or greeting card sites--are also being exploited.
The attackers typically lure people to the malicious sites by sending enticing e-mails and instant messages. When a victim clicks on a link, the computer becomes infected. In one case, a greeting card was displayed and a tune played in the background while spyware was being installed on the compromised PC, Websense said.
Automatic tools can be used to create some of the malicious Web pages, Websense said. Typically, the fraudulent sites are only online for up to four days, which makes them harder to detect, it added.
Websense sells software that protects organizations' networks by blocking access to known malicious Web sites. The company scans millions of sites every day for malicious code. It is advising people to be careful when following Web links and to run up-to-date antivirus software for protection.
