Author: Solange_Desc27 Employee Posted: 11-Jun-2014 | 2:49PM · Edited: 05-Mar-2020 | 10:04AM
We all know that the Internet can house all kinds of cyber scams and exploits, but did you know that certain kinds of websites are statistically more likely to host malware than others? You might think avoiding the obviously dodgy corners of the Internet is enough, but in fact approximately 67 percent of websites used to distribute malware are legitimate but compromised sites. You could be visiting them every day.
Software is constantly changing, and it takes time and resources to keep a website running on the latest, fully patched software. According to Symantec’s security expert, Kevin Haley, much of the time it’s a case of website owners “making it easy for the bad guys”.
“The ability of attackers to get on a legitimate website is related to the software that is running on that site,” he explains, “and vulnerabilities the software has that the attacker can take advantage of. This is directly correlated to the high number of websites that have unpatched vulnerabilities.”
Which Sites Are Vulnerable?
Fortunately, data from users of Norton Web Safe, which monitors billions of traffic requests and millions of software downloads a day, shows which kinds of sites are most susceptible to compromise. The top ten most frequently exploited website categories might not be what you expect.
Top 10 "Riskiest" Sites For 2013:
1. Technology sites
2. Business sites
3. Hosting sites
4. Blogging sites
5. Illegal sites
6. Shopping sites
7. Entertainment sites
8. Automotive sites
9. Virtual Communities
10. Educational sites
Top of the list for 2013 is the technology sector, which made up a massive 9.9 percent of all infected websites, closely followed by business websites with 6.7 percent. Interestingly, Symantec also found that hosting and blogging sites had more infections than illegal websites, which only managed fifth place. This is most likely due to the ease with which blogging sites can be set up by anyone using free platforms, where huge numbers of sites are still running old software versions. Completing the top ten we have shopping, entertainment and automotive sites, virtual communities and – rather worryingly – educational sites.
How Are These Sites Affected?
The types of exploit also vary by category, as you might expect. The compromised technology and business sites relied heavily on malware and fake antivirus attacks; hosting sites were all about scams; while blogging sites used browser exploits extensively. A popular method saw attackers share a link to a compromised blogging site on social networks.
The methods and types of websites change every year, and they follow the line of least resistance, says Haley. “It is completely related to software updating and patching. A new version of some software comes out, website admins update. The update patches known vulnerabilities, these websites are now less likely to be compromised.” And the attackers move on to the next target.
Of course, avoiding entire categories of websites is a pretty impractical way of using the internet, and as Haley points out, it’s also “unfair to sites in any category that make the effort to stay malware free”. Instead, an awareness of the statistics can help you to be more careful on certain sites, and the best line of defence is always security software. Norton Internet Security knows the difference between safe and dangerous sites, and it prevents exposure to the latter automatically.