Newsletter Subscribe

Bringing you thought leadership, news, infographics, resources and our own brand of comics each week to your inbox...

New Report Finds 1 Out Of 3 Sites Are Vulnerable To Malware

1 Out Of 3 Sites Are Vulnerable To Malware

A new report published this morning by Menlo Security has alarmingly suggested that at least a third of the top 1,000,000 websites in the world are at risk of being infected by malware. While it’s worth prefacing the findings with the fact Menlo used Alexa to compile the list of the top million – a ranking site which is notoriously flawed with spammers and companies paying to have their own numbers inflated – it is still a worrying trend.

Although the use of the Alexa data might be questionable, the Menlo study’s methodology was sound. They scanned 1.75 million URLs before checking each one against third party classification systems to see if it was reported as malicious, checking IP addresses against a reputation database, and issuing a web request to each URL so they could fingerprint the response and determine what software was in use. The results are astounding – the report found one in five sites are running software with known vulnerabilities, and one in twenty sites were identified by 3rd-party domain classification services as serving malware or spam, or are part of a botnet.


The report claims that its findings prove that the concept of a ‘trusted’ site is a fallacy – with a billion websites already online and an extra 100,000 being added every day, companies’ websites are now being threatened by other sites that are out of their control. They use the example of the recent hacking, which saw attackers exploit a WordPress vulnerability to insert malicious code into the site that was then delivered via the ‘trusted site’ for an unspecified amount of time – possibly months.

Menlo Security’s CTO, Kowsik Guruswamy, had the following to say: “Vulnerable servers (like in Forbes, James Oliver, etc.) are being exploited by cyber criminals as a launching pad for delivering malware to unsuspecting end users. If anything, this act is trending higher. As SSL on the Internet becomes more prevalent, enterprises are going to face a much higher risk. This is partly because most enterprises, for privacy reasons, don’t inspect SSL traffic and this is an easy channel for malware to ride on without getting noticed.

The Worst Offenders

So which sites and sectors can you trust? Unsurprisingly, the worst offenders in the report were sites labelled as “Hate and Intolerance”, with sites that promoted content about violence and child abuse showing vulnerability rates of almost 35 percent. In the regular web, the report noted concern about the number of sites in typically trusted sectors that showed vulnerabilities; for example transport, health, and medicine sites had a rate of 20 percent, while tech sites and business sites both exhibited around 18 percent rates.

What is the solution? We’ve already see more than $70 billion spent on cyber security tools in 2014, yet somehow malware always manages to stay one step ahead. Menlo argue that the incident similar to the Forbes hack will become increasingly common until someone addresses the source of the problem by developing a new tool that can completely stop all web attacks before they reach their target, rather than just investing in new tools that do a better job of detecting infected systems and limiting the impacts of security breaches.

What do you think? Is Menlo’s report accurate? How do you envisage the future of cybersecurity? Let us know in the comments below.

By Daniel Price

About CloudTweaks

Established in 2009, CloudTweaks is recognized as one of the leading authorities in connected technology information and services.

We embrace and instill thought leadership insights, relevant and timely news related stories, unbiased benchmark reporting as well as offer green/cleantech learning and consultive services around the world.

Our vision is to create awareness and to help find innovative ways to connect our planet in a positive eco-friendly manner.

In the meantime, you may connect with CloudTweaks by following and sharing our resources.

3 Keys To Keeping Your Online Data Accessible

Online Data Data storage is often a real headache for businesses. Additionally, the shift to the cloud in response to storage challenges has caused security teams to struggle to reorient, leaving 49 percent of organizations doubting their experts’ ability to adapt. Even so, decision makers ...
Read More