"Dirtiest" websites host average 18,000 threats
The security vendor on Wednesday put out a list of the most offensive sites on the web -- those hosting the most malware. As can be expected, 48 of the top 100 worst are adult-themed sites, but others featured diverse topics, ranging from deer hunting and catering, to figure skating, electronics and legal services.
Forty of the sites had more than 20,000 threats, according to Symantec. The most offensive site was propagating 56,371 viruses. And, three quarters of the sites on the list have been propagating malware for more than six months.
One U.S.-based catering site was home to 23,414 viruses, four drive by downloads, and three other security threats. A figure skating site hosted 7,135 threats, including viruses, identity-stealing malware and programs that track users' online activity, Dan Schrader, senior product manager, Symantec told SCMagazineUS.com on Thursday.
There are many different ways that sites can be infected with malware, but attackers typically use SQL injection techniques, which exploit vulnerabilities in web server technologies, Schrader said. Other times, the machines of individuals that maintain the website become infected and malware is inadvertently posted when the site is updated.
Schrader said he was surprised that were so many non-adult-themed sites on the list.
“We used to tell people if you stick with the ‘safe neighborhood' you will be safe, and what we are seeing from this list is that it's better if you stick to the safe neighborhood, but that doesn't mean you are safe,” Schrader said. “Your own judgment doesn't tell you anything about the security practices of that site.”
Ken Pappas, vice president of marketing and security strategist at network intrusion prevention vendor, Top Layer Security told SCMagazineUS.com on Thursday that the list of most-offensive websites is ever-changing and new websites are constantly being infected.
“This is not something like building a ten most-wanted for criminals at large,” Pappas said. “Whether it's ten viruses or ten thousand it doesn't matter; the point is, innocent people are going to what they believe is a legitimate and trusted website. They have no idea or warnings it will potentially put malware in the computer.”
According to security vendor Sophos' July security threat report, approximately 23,500 infected webpages are discovered every day – that's a new one every 3.6 seconds.