Google Safe Browsing Program 5 Years Old – Been Blacklisted Lately?

June 19, 2012 by 5 Comments

Today Google released a nice post: Safe Browsing – Protecting Web Users for 5 Years and Counting. In it they provide a good summary of what they have been up to the past 5 years with their Safe Browsing program.

Here are some interesting data points:

  • 600 million users are protected
  • 9,500 new malicious websites are found every day
  • 12 – 14 million Google Search queries show malicious warnings
  • Provide warnings to about 300,000 downloads per day
  • Send thousands of notifications daily to webmasters
  • Sent thousands of notifications daily to Internet Service Providers (ISPs)


Read More

Filed Under: awareness, blacklisted, community, data, education, Malware, malware_updates, phishing, research, security, stats, sucuri Tagged With: , , , , , , , ,

Blog Comments – Analysing 100,000 Comments and Spammers

May 11, 2012 by 16 Comments

“Nice blog, thanks for the info”

“Awesome site. Great job”

“You should take part in a contest for one of the best blogs on the web. I will recommend this site!”

I know you like flattering comments on your website. And I know you love to see many comments on each one of your posts (say you community participation). Who doesn’t, right? We love them too.

So we decided to take a closer look at the last 100,000 (well, 98,238 to be more exact) comments that were sent to the network of sites that we are monitoring. How much of them are spam? Who are the most annoying spammers? And things like that.


Read More

Filed Under: comment, data, Spam, webinar Tagged With: , , ,

Sucuri SiteCheck – Web Malware Distribution – April 2012

May 1, 2012 by 7 Comments

When we see a compromised site distributing malware, it is often done via 4 methods: Iframe, Javascript, Spam or internal redirections. Those are not the only ways, and they can be encoded or hidden differently internally on the sites, but the final output on the compromised sites is generally one of them:

  1. Iframe injection: It makes the browser loads content from external (and malicious web sites). Example: <iframe src="http://pokosa.com/tds/go.php?sid=1" ..
  2. Javascript injection: Used to encode (hide) calls to iframes or additional remote javascript includes. Example: <script>d= Date ;d=new d();h=-parseInt("012")/5;if(window.document)try{new document.getElementById(“qwe”)…. (this code redirects users to the blackhole exploit kit)
  3. .htaccess (or conditional) redirections: Used to redirect anyone visiting the site from search engines (or specific user agents/ referers) to malware or spam content.
  4. Blackhat SEO spam: It is not really malware in the sense of the word (since it won’t infect anyone visiting the site), but it is still harmful for the webmaster and the site’s reputation (imagine a corporate site redirecting to a viagra  online  store).

April / 2012 stats


Read More

Filed Under: data, Malware, malware_updates, sucuri Tagged With: , , ,

Sucuri SiteCheck – Web Malware Distribution – March 2012

April 5, 2012 by 2 Comments

Apologies for not posting stats for February. We were making some internal changes which delayed the process and skewed the data. Regardless, here are the latest stats for March.

Note: This information is based on infections found using our FREE scanner, SiteCheck. It does not include infections found via our internal monitoring service.
Read More

Filed Under: data, Malware, sucuri

Sucuri SiteCheck – Web Malware Distribution – January 2012

February 10, 2012 by 1 Comment

As many know, we have been offering our free website malware scanner – Sucuri SiteCheck, since early in 2011. In our commitment to continue to give back to the community, we want to share some statistics. We’d like to share the distribution of infections based on the number of sites that are being scanned using Sucuri SiteCheck.

In January, we scanned a couple 100 thousand sites. From those we were able to better understand the distribution of malware.

SiteCheck Web Malware Distro


Read More

Filed Under: data, Malware, SiteCheck, sucuri Tagged With: , , , , , ,

Top linked sites – What webmasters are linking to

July 27, 2011 by Leave a Comment

We scan hundreds of thousands of sites daily here at Sucuri and while analyzing some of the data we got interested on what sites are getting the “link love” more often.

By link love, I mean what “do follow” links most webmasters have in their sites? After extracting the data from the last 500k scans we did, those were the top:

  1. 6.9% – www.facebook.com
  2. 6.4% – twitter.com
  3. 2.8% – wordpress.org
  4. 2.6% – youtube.com
  5. 1.9% – feeds.feedburner.com
  6. 1.2% – www.linkedin.com
  7. 1.2% – www.google.com
  8. 1.1% – validator.w3.org
  9. 1.1% – wwww.adobe.com
  10. 0.9% – www.addthis.com

So it means that 6.9% of the sites had a link to facebook, 6.4% to twitter, etc. I was actually surprised to see validator.w3.org ranked so well. We would be in a much better place if even 1% of the sites validated properly.

It also shows the force of WordPress, with almost 3% of the sites linking there (and probably using WordPress).

Those were the top 30:

  1. www.facebook.com.
  2. twitter.com.
  3. wordpress.org.
  4. www.youtube.com.
  5. feeds.feedburner.com.
  6. www.linkedin.com.
  7. www.google.com.
  8. validator.w3.org.
  9. www.adobe.com.
  10. www.addthis.com.
  11. www.flickr.com.
  12. www.myspace.com.
  13. feedburner.google.com.
  14. www.blogger.com.
  15. www.macromedia.com.
  16. statcounter.com.
  17. www.amazon.com.
  18. www.addtoany.com.
  19. www.wordpress.org.
  20. creativecommons.org.
  21. bit.ly.
  22. en.wikipedia.org.
  23. facebook.com.
  24. www.statcounter.com.
  25. www.liveinternet.ru.
  26. www.histats.com.
  27. feeds2.feedburner.com.
  28. www.apple.com
  29. www.gnu.org
  30. www.stumbleupon.com

It is also interesting that people are linking to shorten URLS (bit.ly) so often too. What do you think? What sites do you have linked in your own sites?

Filed Under: data, stats, sucuri Tagged With: , ,