Alexa TOP 100k Sites – The Malware Blues

How big do you think the web-based malware problem is? How many sites do you think were hacked and/or infected with malware in the last 6 months? How many of those got blacklisted by Google?

The numbers could have been better for the Alexa Top 100K Sites. This problem extends well beyond the Alexa top site listings, but we wanted to put into perspective that this is a widespread problem affecting even the most popular sites.

Just in the last 6 months, more than 1% of the top 1 million sites (according to Alexa) were blacklisted by Google. That’s a total of 10,494 sites.

The thing to consider here is that Google has had accuracy problems in detecting malware (and in detecting blackhat SEO spam), so there’s a great chance that the real totals are higher than those reported here.

After scanning the top Alexa 100k sites daily for the last 6 months, here’s what we’ve found:

1,238 (1.2%) sites blacklisted.
2,744 (2.7%) infected with some kind of spam (pharma, movie, etc.).
2,323 (2.3%) infected with malware (most of them redirecting to fake AVs).

That’s a total of 3,641 (3.6%) of the top Alexa 100k sites either blacklisted or infected with malware or spam. (Percentage based on total infections, blacklisting, or a combination of both.)

Another thing to notice is that even though blacklists (like Google’s) are useful, they do not catch everything. Users and webmasters should not rely on blacklisting status alone, especially lately, with malware authors explicitly checking for Google crawlers and not displaying the malware to them.
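One way a webmaster can check their own site for this crawler-specific behaviour, shown as an added example that is not part of the original post: compare what the same URL serves to a crawler profile and to browser profiles, and report external hosts the crawler never sees. The sample responses, host names and function names are constructed for illustration; in practice the responses would come from fetching your own page with different User-Agent and Referer headers.

```python
import re
from urllib.parse import urlparse

# Constructed sample responses for one URL, keyed by the client profile that
# requested it: (HTTP status, Location header, body). Hosts are placeholders.
SAMPLE_VIEWS = {
    "googlebot": (200, None,
        '<html><script src="https://cdn.example.com/app.js"></script></html>'),
    "browser": (200, None,
        '<html><script src="https://cdn.example.com/app.js"></script>'
        '<iframe src="http://fake-av.example.net/scan"></iframe></html>'),
    "browser_from_search": (302, "http://fake-av.example.net/landing", ""),
}

# Matches the src attribute of script and iframe tags.
SRC_RE = re.compile(r'<(?:script|iframe)\b[^>]*?\bsrc\s*=\s*["\']([^"\']+)', re.I)

def external_hosts(status, location, body, site_host):
    """Hosts a response sends the client to: redirect target plus script/iframe sources."""
    urls = SRC_RE.findall(body)
    if 300 <= status < 400 and location:
        urls.append(location)
    hosts = {urlparse(u).hostname for u in urls}
    # Relative URLs have no hostname; the site's own host is not external.
    return {h for h in hosts if h and h != site_host}

def cloaking_report(views, site_host, baseline="googlebot"):
    """Return {profile: external hosts served to it but hidden from the baseline crawler}."""
    seen_by_crawler = external_hosts(*views[baseline], site_host)
    report = {}
    for profile, response in views.items():
        hidden = external_hosts(*response, site_host) - seen_by_crawler
        if profile != baseline and hidden:
            report[profile] = sorted(hidden)
    return report

if __name__ == "__main__":
    for profile, hosts in cloaking_report(SAMPLE_VIEWS, "www.example.org").items():
        print(f"{profile}: content hidden from crawler -> {', '.join(hosts)}")
```

An empty report only means the tested profiles saw the same external hosts; it does not prove the site is clean.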

This is a breakdown of blacklisted sites per range in the Alexa rankings:

Top 100k: 1,238
Top 100k-200k: 1,335
Top 200k-300k: 1,216
Top 300k-400k: 1,058
Top 400k-500k: 1,027
Top 500k-600k: 959
Top 600k-700k: 909
Top 700k-800k: 960
Top 800k-900k: 905
Top 900k-1m: 887

Interesting to see that the top 300k/400k got a lot more sites blacklisted than the rest (1.25% against 0.85% in the lower rankings).

What does this mean for webmasters or for site owners?

  1. Every site is a target.
  2. Attackers will scan for everything (including the Alexa list) and try to exploit anyone in there.
  3. You have to take care of your site security.

You probably run an AV on your desktop, have a firewall set up, and keep it updated, right? (We hope you do.) You need to take similar measures with your web properties: keep them updated, follow security best practices and keep them monitored.

Have questions? Leave a comment, we’d love to hear from you.



About David Dede

David Dede is a Security Researcher at Sucuri. He spends most of his time dissecting vulnerabilities and security issues. You won't find him on Twitter because he is paranoid about privacy.

  • http://careers.stackoverflow.com/pothi Pothi Kalimuthu

    Wow! I wish everyone in the top 100K read this. The DDoS attack on WP.com just ended. Hope people become more alert to security issues!

  • http://www.trade4target.net Trade4target

    Thanks so much for this! I haven’t been this moved by a blog for a long time! You’ve got it, whatever that means in blogging. Anyway, You are definitely someone that has something to say that people need to hear. Keep up the good work. Keep on inspiring the people!
    regards:
    trade4target
     

  • http://bslt.databu.com OnlineDataBackup

    I hope people have been smart enough to back up their data before they get hit with any exploits.

