New Study Looks at Risks on Top Web Sites

Barracuda Labs recently released results from a study it conducted on risks consumers face on the Web, which found that every day a top site delivers malware.

The study, "Good Websites Gone Bad," analyzed the 25,000 most popular Web sites worldwide, as ranked by Alexa in February, for malware infections using an automated system.

"One of these tools is an automated system that forces a Web browser inside a Windows virtual machine to visit a URL to see what happens to the browser, its plugins, and the operating system," wrote Paul Royal, Barracuda research consultant, on a blog. "The resulting network-level actions of the virtual machine help us determine, without prior knowledge of specific exploits served to the browser or its extensions, whether a URL serves malicious content."

Conclusions of the report included:

  • Fifty-eight Web sites served "drive-by download exploits," exposing more than 10 million people to malware infections;
  • Domains in 18 countries served malware, with businesses in the United States hosting most of the infected sites at 43 percent, followed by the Netherlands at 19 percent; and
  • Fifty-four percent of infected Web sites have been up and running for more than five years, 43 percent have been up for 1 to 5 years, and 3 percent were created less than a year ago.

"Web security has shifted. If you are a popular Web site or company, the attackers want access to your users. Good sites gone bad is a serious problem," said Paul Judge, chief research officer at Barracuda Networks. "Users must be careful when visiting even long-time trusted sites, and also more than ever legitimate Web sites must take steps to protect their websites from compromise."

The study also found that, on average, two top-ranked Web site deliver malware content each day, "statistically guaranteeing that at least one popular Web site will serve malicious content every day," and the top domains served malware for 23 of the 30 days in February.

Education clients of Barracuda Networks, which provides tools to guard against viruses, include The University of Georgia in Athens, Georgia Institute of Technology in Atlanta, Billings Public Schools in Montana, and Stanislaus County Office of Education in Modesto, CA.

For more information, visit the Barracuda Labs blog. Infographics illustrating the findings of the study are available at barracudalabs.com/goodsitesbad/.

About the Author

Tim Sohn is a 10-year veteran of the news business, having served in capacities from reporter to editor-in-chief of a variety of publications including Web sites, daily and weekly newspapers, consumer and trade magazines, and wire services. He can be reached at [email protected] and followed on Twitter @editortim.

Featured

  • digital network grid shows lines and nodes, with one node highlighted in red

    3 in 4 Education Institutions Have Uncovered a Cyber Attack on Their Infrastructure in the Past Year

    Seventy-seven percent of institutions across K-12 and higher education have identified a cyber attack on their infrastructure within the past 12 months, according to a new survey from cybersecurity company Netwrix.

  • landscape photo with an AI rubber stamp on top

    California AI Watermarking Bill Supported by OpenAI

    OpenAI, creator of ChatGPT, is backing a California bill that would require tech companies to label AI-generated content in the form of a digital "watermark." The proposed legislation, known as the "California Digital Content Provenance Standards" (AB 3211), aims to ensure transparency in digital media by identifying content created through artificial intelligence. This requirement would apply to a broad range of AI-generated material, from harmless memes to deepfakes that could be used to spread misinformation about political candidates.

  • depiction of cybersecurity funding featuring a shield with a glowing digital lock at its center

    Application Window for FCC Cybersecurity Pilot to Open Sept. 17

    The application filing window for the Federal Communications Commission Schools and Libraries Cybersecurity Pilot Program will be open from Sept. 17 to Nov. 1, 2024.

  • futuristic VR goggles with blue LED accents, placed in front of a fantastical landscape featuring glowing hills, a shimmering river, and floating islands under a twilight sky

    Los Angeles Unified School District Adopts VR Learning Platform, Resources

    Los Angeles Unified School District (LAUSD) recently announced a partnership with Avantis Education to bring educational virtual and augmented reality (VR/AR) solution ClassVR to its students. A news release reports that the district has already deployed more than 16,000 ClassVR headsets as part of the Los Angeles Unified Instructional Technology Initiative.