Incident Response, Malware, TDR, Vulnerability Management

Google releases study on infected websites; more than 760K sites compromised annually

Google researchers partnered with a research team from the University of California, Berkeley to analyze the infection and potential remediation of more than 760,000 websites during an 11-month period.

The joint study examined compromised websites from July 2014 until June 2015 and studied methods of addressing security issues involving infected websites, including servers that are vulnerable to Heartbleed, DDoS attacks, or other exploits, such as malicious code.

University of California, Berkeley's International Computer Science Institute's Frank Li, Grant Ho, and Vern Paxson; and Google researchers Eric Kua, Yuan Ni, Lucas Ballard, Kurt Thomas, and Elie Bursztein participated in the study.

The researchers found that when webmasters were alerted through both Safe Browsing displays and search alerts, 55 percent of the infected sites were addressed. Contacting webmasters directly through emailing caused remediation rates to increase to more than 75 percent.

Most of the webmasters addressed their infected sites when they received their first alert. However, the notices did not always lead to timely responses; 20 percent of operators received multiple notices before addressing infections of their websites.

“Equally problematic, many site operators appear to address only symptoms rather than the root cause of compromise,” the report noted. The websites were promptly re-infected. Ten percent of the websites alerted through Safe Browsing were compromised again within one day, the report stated.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.