Malware Infections Are Usually From "Legitimate" Websites

You're more likely to encounter malware through reputable, hacked services than seedy, illict websites.

If you've spent even a small amount of time on the internet, you're probably aware of a simple fact: Malware is everywhere. Everywhere. Hiding in your computer, tracking your private data, and generally being a pain in everyone's digital rear end. Thankfully, there's lots of advice on avoiding malware infections, the most common being to show discretion with the pages you visit. Just avoid obscure and untrusted "phishing" websites asking for personal information, and you'll bypass 90-95% of the bad stuff, right? According to Google, no, not really. The web giant has updated its Transparency Report with breakdowns on common infection sources, revealing the biggest malware culprits to be compromised "legitimate" pages that unwittingly take advantage of visitors.

Let's make one thing clear: It is still a horrible idea to just visit some illict porn site and start downloading everything you see. That will turn out badly. What Google's saying is that the vast majority of malware infections come from perfectly legal services which most users assume are safe. Some are small Mom-and-Pop operations, others could be significantly larger, but all have vulnerabilities that hackers took advantage of. Google blocks approximately 10,000 of these websites per day to stem the tide, but with up to 90,000 infections detected during especially infectious weeks, the company is clearly involved in a long-term struggle.

That said, it's not all bad news. As webmasters become more aware of online security, the response time between detecting an infection and repairing it has dropped dramatically in recent years. Google's Safe Browsing, for example, informs users and webmasters when websites have been compromised, discouraging traffic until the problem is fixed. We'll probably never fully get rid of malware, considering that approximately 100 million browsers see warnings each week. Still, while the number seems daunting, the fact that we know about it at all is a step in the right direction.

Source: Google Transparency Report, via Ars Technica

Subscribe to our Newsletter

Search ALL Articles

Managed V. Non-Managed


US-CERT Latest Warnings

Latest US-CERT Released Warnings