Google uncovers 16,500 infected websites per week
Research discovers webmasters are failing to respond to malware-infected websites
Researchers at Google and academics at the University of California discovered more than 750,000 compromised websites across the Internet over a one-year period.
However more worryingly, with over 12% of recently fixed websites falling victim again to a new attack within 30 days, webmasters are failing to respond to the malware-infected websites.
The study, "Remedying Web Hijacking: Notification Effectiveness and Webmaster Comprehension" found that the problem stems from malware and that attackers continuously plant malicious code on poorly protected websites.
"The proliferation of web threats such as drive-by downloads, cloaked redirects and scams stems in part from miscreants infecting and subverting control of vulnerable web servers," said the report. "Sites operating popular platforms such as WordPress, Joomla, and Drupal faced an increased risk of becoming compromised, primarily because miscreants focused their efforts on exploits that impacted the largest market share."
Google and Berkeley academics found that webmasters who had registered their sites with Google's Search Console, meant that webmasters who were emailed about a breach were able to fix the problem 62% faster.which is within three days, than those who did not receive any tips on how what to do post-breach.
"As we work to make the web a safer place, we think it's critical to empower webmasters and users to make good security decisions. It's easy for the security community to be pessimistic about incident response being ‘too complex' for victims, but as our findings demonstrate, even just starting a dialogue can significantly expedite recovery," Googlers Kurt Thomas and Yuan Niu of Google's Spam & Abuse Research team said in a blog post
The study was carried out by Google's Eric Kuan, Yuan Niu, Lucas Ballard, Kurt Thomas, and Elie Bursztein and the University of California, Berkely's Frank Li, Grant Ho, and Vern Paxson, between July 2014 and June 2015.