Alexa TOP 100k Sites – The Malware Blues

How big do you think the web-based malware problem is? How many sites do you think were hacked and/or infected with malware in the last 6 months? How many of those got blacklisted by Google?

The numbers could have been better for the Alexa Top 100K Sites. This problem extends well beyond the Alexa top site listings, but we wanted to put into perspective that this is a widespread problem affecting even the most popular sites.

Just in the last 6 months, more than 1% of the top 1 million sites (according to Alexa) were blacklisted by Google. That’s a total of 10,494 sites.

The thing to consider here is that Google has had accuracy problems in detecting malware (and also blackhat SEO spam), so there’s a great chance that the total numbers are in fact higher than reported here.

After scanning the top Alexa 100k sites daily for the last 6 months, here’s what we’ve found:

1,238 (1.2%) sites blacklisted.
2,744 (2.7%) infected with some kind of spam (pharma, movie, etc).
2,323 (2.3%) infected with malware (most of them redirecting to fake AVs).

That’s a total of 3,641 (3.6%) of the top Alexa 100k sites either blacklisted, infected with malware or spam. (Percentage based on total infections, blacklisting, or a combination of both.)

Another thing to notice is that even though blacklists (like Google’s) are useful, they do not catch everything. Users and/or webmasters should not rely on blacklisting status alone, especially lately, with malware authors explicitly checking for Google crawlers and not displaying the malware to them.
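A site owner can check their own pages for this kind of cloaking by fetching the same URL once with a crawler User-Agent and once with a browser User-Agent, then comparing which outside hosts each response loads. The Python below is an added example, not code from the original post; the two HTML bodies and every host name are constructed, and `external_hosts` and `cloaking_diff` are hypothetical helpers.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

class ExternalRefs(HTMLParser):
    """Collect hosts referenced by <script src>, <iframe src> and meta refresh."""
    def __init__(self):
        super().__init__()
        self.hosts = set()

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag in ("script", "iframe") and a.get("src"):
            self._add(a["src"])
        elif tag == "meta" and (a.get("http-equiv") or "").lower() == "refresh":
            # content looks like "0; url=http://host/path"
            _, _, target = (a.get("content") or "").partition("=")
            self._add(target.strip(" '\""))

    def _add(self, url):
        host = urlparse(url).hostname  # None for relative URLs
        if host:
            self.hosts.add(host.lower())

def external_hosts(html):
    parser = ExternalRefs()
    parser.feed(html)
    parser.close()
    return parser.hosts

def cloaking_diff(own_host, as_crawler, as_browser):
    """Hosts loaded only in the browser view, i.e. hidden from the crawler."""
    hidden = external_hosts(as_browser) - external_hosts(as_crawler)
    return sorted(h for h in hidden
                  if h != own_host and not h.endswith("." + own_host))

# Constructed sample responses for the same URL (hypothetical hosts).
CRAWLER_VIEW = """<html><head>
<script src="/js/app.js"></script>
<script src="https://cdn.example.net/lib.js"></script>
</head><body>Welcome</body></html>"""

BROWSER_VIEW = CRAWLER_VIEW.replace("</head>",
    '<meta http-equiv="refresh" content="5; url=http://redirect.example.org/go">\n</head>'
).replace("</body>",
    '<iframe src="http://fake-av.example.org/scan" width="1" height="1"></iframe></body>')

if __name__ == "__main__":
    for host in cloaking_diff("shop.example.com", CRAWLER_VIEW, BROWSER_VIEW):
        print("served to browsers only:", host)
```

Cloaking that keys on the crawler's source IP address rather than its User-Agent will not show up in this comparison, so an empty result does not prove a page is clean.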

This is a breakdown of blacklisted sites per range in the Alexa rankings:

Top 100k: 1,238
Top 100k-200k: 1,335
Top 200k-300k: 1,216
Top 300k-400k: 1,058
Top 400k-500k: 1,027
Top 500k-600k: 959
Top 600k-700k: 909
Top 700k-800k: 960
Top 800k-900k: 905
Top 900k-1m: 887

Interesting to see that the top 300k/400k got a lot more sites blacklisted than the rest (1.25% against 0.85% in the lower rankings).

What does this mean for webmasters or site owners?

  1. Every site is a target.
  2. Attackers will scan for everything (including the Alexa list) and try to exploit anyone on it.
  3. You have to take care of your site security.

You probably run an AV on your desktop, have a firewall set up, and keep them updated, right? (We hope you do.) You need to take similar measures with your web properties. Keep them updated, follow security best practices and keep them monitored.

Have questions? Leave a comment, we’d love to hear from you.

Is your site infected with malware? Spam? Blacklisted? Don’t know? We can tell you and fix / secure your site for you.

About David Dede

David Dede is a Security Researcher in the SucuriLabs group. He spends most of his time dissecting vulnerabilities and security issues. You won't find him on Twitter because he is paranoid about privacy.