Report: Four in 10 Top Websites Are Dangerous

Four in 10 of the top websites pose dangers to visitors. According to cybersecurity vendor Menlo Security, out of the top 100,000 websites as ranked by Alexa, 42 percent are "risky." A risky website is any site that fits one of these criteria:

  • Either the homepage or an associated background site is running vulnerable software;
  • It's known to distribute malware or launch attacks; or
  • It has already suffered a security breach in the past 12 months.

The use of background services is especially troubling, according to Menlo, which published its findings in a "State of the Web 2017" report.

While the security industry puts a lot of attention on the behavior of website visitors, the report noted, "much of the damage wrought by cybercriminals happens behind the scenes, as websites connect with so-called 'background sites.'" Menlo's researchers found that websites rely on an average of 25 other background sites to produce content, such as displaying a video from a media server or serving an ad from an advertising network. Many antivirus and web-filtering programs focus on the primary domain while ignoring the calls to those background sites, the report stated.

Although the report didn't list problematic websites, it did categorize them by type of content. For example, 49 percent of news and media sites "satisfied" at least one of three criteria of riskiness, as did 45 percent of entertainment and arts sites and 40 percent of personal sites and blogs.

While the adult and pornography category had the highest number of risky sites, business and economy sites led the way in the "trusted" category.

Another source of problems is the reliance on "aging software technology," programs that have been around long enough to be "repeatedly compromised" through the years, Menlo researchers asserted. For example, 32,000 sites that were part of the study used Microsoft IIS 7.5, a version released with Windows 7 and Windows Server 2008 R2. Here, business and economy sites led the way, with 51,045 websites relying on software classified as "vulnerable." Also, 9,452 websites for educational institutions made the list of vulnerable sites.

The Menlo report highlighted the problem of websites being identified as unsafe by web security firms, only to transition to a trusted category temporarily and then back again. One unnamed security company, for example, assigned a website to a "Phishing and Other Frauds" category and then briefly reassigned it to a "benign-sounding" category for a couple of days, before yanking it back to the untrusted side.

Menlo advised website owners to run the latest software for their websites and to try controls such as "content-security-policy" to limit exposure to malware delivered through background sites. It also encouraged users to "download software updates religiously," stay away from Adobe Flash and use the Chrome browser "when possible." A final bit of advice was to use isolation techniques for web surfing, such as moving the execution of web content to the cloud, preventing malicious code from reaching the user's device.
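For site owners acting on that advice, the sketch below inventories the background sites a page's markup loads from and turns the list into a starting Content-Security-Policy header. It is an added example, not code from the Menlo report; the sample page, its hostnames and the function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tag -> CSP directive that governs loads made through that tag's src attribute.
SRC_DIRECTIVES = {"script": "script-src", "img": "img-src", "iframe": "frame-src",
                  "video": "media-src", "audio": "media-src", "source": "media-src"}

# Constructed sample: a news page pulling ads, a widget, an image and a video.
SAMPLE_URL = "https://news.example/"
SAMPLE_HTML = """<html><head>
<link rel="stylesheet" href="/css/site.css">
<script src="https://ads.adnetwork.example/tag.js"></script>
<script src="//cdn.widgets.example/w.js"></script>
<script src="/js/app.js"></script></head><body>
<img src="https://img.media.example/a.png">
<video src="https://video.media.example/clip.mp4"></video>
<iframe src="https://ads.adnetwork.example/frame.html"></iframe>
</body></html>"""

def origin(url):
    """Return scheme://host[:port] for http(s) URLs, else None."""
    p = urlsplit(url)
    if p.scheme not in ("http", "https") or not p.hostname:
        return None
    return f"{p.scheme}://{p.hostname}" + (f":{p.port}" if p.port else "")

class BackgroundSites(HTMLParser):
    """Collect third-party origins referenced by a page, keyed by CSP directive."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url, self.page_origin, self.found = page_url, origin(page_url), {}

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "link" and "stylesheet" in (a.get("rel") or "").lower().split():
            directive, url = "style-src", a.get("href")
        else:
            directive, url = SRC_DIRECTIVES.get(tag), a.get("src")
        if not directive or not url:
            return
        o = origin(urljoin(self.page_url, url))  # resolves relative and //host URLs
        if o and o != self.page_origin:          # keep only background (third-party) sites
            self.found.setdefault(directive, set()).add(o)

def build_csp(page_url, html):
    """Return (origins by directive, header value allowing only those origins)."""
    parser = BackgroundSites(page_url)
    parser.feed(html)
    parts = ["default-src 'self'"]
    for d in sorted(parser.found):
        parts.append(f"{d} 'self' " + " ".join(sorted(parser.found[d])))
    return parser.found, "; ".join(parts)

if __name__ == "__main__":
    print(build_csp(SAMPLE_URL, SAMPLE_HTML)[1])
```

The scan is static, so origins contacted by scripts at run time do not appear in it; deploying the result first as `Content-Security-Policy-Report-Only` surfaces those before enforcement.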

The report is available on the Menlo Security site (registration required).

About the Author

Dian Schaffhauser is a former senior contributing editor for 1105 Media's education publications THE Journal, Campus Technology and Spaces4Learning.
