New Study Looks at Risks on Top Web Sites

Barracuda Labs recently released results from a study it conducted on risks consumers face on the Web, which found that every day a top site delivers malware.

The study, "Good Websites Gone Bad," analyzed the 25,000 most popular Web sites worldwide, as ranked by Alexa in February, for malware infections using an automated system.

"One of these tools is an automated system that forces a Web browser inside a Windows virtual machine to visit a URL to see what happens to the browser, its plugins, and the operating system," wrote Paul Royal, Barracuda research consultant, on a blog. "The resulting network-level actions of the virtual machine help us determine, without prior knowledge of specific exploits served to the browser or its extensions, whether a URL serves malicious content."

Conclusions of the report included:

  • Fifty-eight Web sites served "drive-by download exploits," exposing more than 10 million people to malware infections;
  • Domains in 18 countries served malware, with businesses in the United States hosting most of the infected sites at 43 percent, followed by the Netherlands at 19 percent; and
  • Fifty-four percent of infected Web sites have been up and running for more than five years, 43 percent have been up for 1 to 5 years, and 3 percent were created less than a year ago.

"Web security has shifted. If you are a popular Web site or company, the attackers want access to your users. Good sites gone bad is a serious problem," said Paul Judge, chief research officer at Barracuda Networks. "Users must be careful when visiting even long-time trusted sites, and also more than ever legitimate Web sites must take steps to protect their websites from compromise."

The study also found that, on average, two top-ranked Web site deliver malware content each day, "statistically guaranteeing that at least one popular Web site will serve malicious content every day," and the top domains served malware for 23 of the 30 days in February.

Education clients of Barracuda Networks, which provides tools to guard against viruses, include The University of Georgia in Athens, Georgia Institute of Technology in Atlanta, Billings Public Schools in Montana, and Stanislaus County Office of Education in Modesto, CA.

For more information, visit the Barracuda Labs blog. Infographics illustrating the findings of the study are available at barracudalabs.com/goodsitesbad/.

About the Author

Tim Sohn is a 10-year veteran of the news business, having served in capacities from reporter to editor-in-chief of a variety of publications including Web sites, daily and weekly newspapers, consumer and trade magazines, and wire services. He can be reached at [email protected] and followed on Twitter @editortim.

Featured

  • The AI Show

    Register for Free to Attend the World's Greatest Show for All Things AI in EDU

    The AI Show @ ASU+GSV, held April 5–7, 2025, at the San Diego Convention Center, is a free event designed to help educators, students, and parents navigate AI's role in education. Featuring hands-on workshops, AI-powered networking, live demos from 125+ EdTech exhibitors, and keynote speakers like Colin Kaepernick and Stevie Van Zandt, the event offers practical insights into AI-driven teaching, learning, and career opportunities. Attendees will gain actionable strategies to integrate AI into classrooms while exploring innovations that promote equity, accessibility, and student success.

  • laptop displaying a red padlock icon sits on a wooden desk with a digital network interface background

    Reports Point to Domain Controllers as Prime Ransomware Targets

    A recent report from Microsoft reinforces warns of the critical role Active Directory (AD) domain controllers play in large-scale ransomware attacks, aligning with U.S. government advisories on the persistent threat of AD compromise.

  • laptop displaying a glowing digital brain and data charts sits on a metal shelf in a well-lit server room with organized network cables and active servers

    Cisco Unveils AI-First Approach to IT Operations

    At its recent Cisco Live 2025 event, Cisco introduced AgenticOps, a transformative approach to IT operations that integrates advanced AI capabilities to enhance efficiency and collaboration across network, security, and application domains.

  • educators seated at a table with a laptop and tablet, against a backdrop of muted geometric shapes

    HMH Forms Educator Council to Inform AI Tool Development

    Adaptive learning company HMH has established an AI Educator Council that brings together teachers, instructional coaches and leaders from school district across the country to help shape its AI solutions.