Google Safe Browsing Program 5 Years Old – Been Blacklisted Lately?

Today Google released a nice post: Safe Browsing – Protecting Web Users for 5 Years and Counting. In it they provide a good summary of what they have been up to the past 5 years with their Safe Browsing program.

Here are some interesting data points:

  • 600 million users are protected
  • 9,500 new malicious websites are found every day
  • 12 – 14 million Google Search queries show malicious warnings
  • Provide warnings to about 300,000 downloads per day
  • Send thousands of notifications daily to webmasters
  • Sent thousands of notifications daily to Internet Service Providers (ISPs)

Read More

Blog Comments – Analysing 100,000 Comments and Spammers

“Nice blog, thanks for the info”

“Awesome site. Great job”

“You should take part in a contest for one of the best blogs on the web. I will recommend this site!”

I know you like flattering comments on your website. And I know you love to see many comments on each one of your posts (say you community participation). Who doesn’t, right? We love them too.

So we decided to take a closer look at the last 100,000 (well, 98,238 to be more exact) comments that were sent to the network of sites that we are monitoring. How much of them are spam? Who are the most annoying spammers? And things like that.

Read More

Sucuri SiteCheck – Web Malware Distribution – April 2012

When we see a compromised site distributing malware, it is often done via 4 methods: Iframe, Javascript, Spam or internal redirections. Those are not the only ways, and they can be encoded or hidden differently internally on the sites, but the final output on the compromised sites is generally one of them:

  1. Iframe injection: It makes the browser loads content from external (and malicious web sites). Example: <iframe src="" ..
  2. Javascript injection: Used to encode (hide) calls to iframes or additional remote javascript includes. Example: <script>d= Date ;d=new d();h=-parseInt("012")/5;if(window.document)try{new document.getElementById(“qwe”)…. (this code redirects users to the blackhole exploit kit)
  3. .htaccess (or conditional) redirections: Used to redirect anyone visiting the site from search engines (or specific user agents/ referers) to malware or spam content.
  4. Blackhat SEO spam: It is not really malware in the sense of the word (since it won’t infect anyone visiting the site), but it is still harmful for the webmaster and the site’s reputation (imagine a corporate site redirecting to a viagra  online  store).

April / 2012 stats

Read More

Sucuri SiteCheck – Web Malware Distribution – March 2012

Apologies for not posting stats for February. We were making some internal changes which delayed the process and skewed the data. Regardless, here are the latest stats for March.

Note: This information is based on infections found using our FREE scanner, SiteCheck. It does not include infections found via our internal monitoring service.
Read More

Sucuri SiteCheck – Web Malware Distribution – January 2012

As many know, we have been offering our free website malware scanner – Sucuri SiteCheck, since early in 2011. In our commitment to continue to give back to the community, we want to share some statistics. We’d like to share the distribution of infections based on the number of sites that are being scanned using Sucuri SiteCheck.

In January, we scanned a couple 100 thousand sites. From those we were able to better understand the distribution of malware.

SiteCheck Web Malware Distro

Read More

Top linked sites – What webmasters are linking to

We scan hundreds of thousands of sites daily here at Sucuri and while analyzing some of the data we got interested on what sites are getting the “link love” more often.

By link love, I mean what “do follow” links most webmasters have in their sites? After extracting the data from the last 500k scans we did, those were the top:

  1. 6.9% –
  2. 6.4% –
  3. 2.8% –
  4. 2.6% –
  5. 1.9% –
  6. 1.2% –
  7. 1.2% –
  8. 1.1% –
  9. 1.1% –
  10. 0.9% –

So it means that 6.9% of the sites had a link to facebook, 6.4% to twitter, etc. I was actually surprised to see ranked so well. We would be in a much better place if even 1% of the sites validated properly.

It also shows the force of WordPress, with almost 3% of the sites linking there (and probably using WordPress).

Those were the top 30:


It is also interesting that people are linking to shorten URLS ( so often too. What do you think? What sites do you have linked in your own sites?