Google Compromised Website Research is Malware Wake-up Call for Unaware or Lazy Web Admins
A recent study by Google and the University of California, Berkeley researchers has not only found a surprisingly large number of compromised websites, but has found that direct contact made with webmasters during the study served as a web security ‘wake-up and take action’ call.
The research results presented at the International World Wide Web Conference found that 760,935 compromised websites had been discovered during the year-long research period to June 2015.
What Risks Are We Talking About?
According to Google’s figures, over 10 million users every week encounter harmful websites that deliver malware and scams. The kinds of risks that can compromise websites include malicious drive-by-downloads and exploits, malicious distribution domains, social engineering sites, and unwanted malware such as ad-injectors, and traditional trojans.
Webmasters Need to Be Aware AND take Action
The central idea of the research was based around the fact that although Google’s ‘Safe Browsing’ and Google Search have features that protect visitors from dangerous content e.g. by displaying browser warnings and labelling search results with ‘this site may harm your computer’, the compromised site is still a problem that needs to be fixed.
Warnings Not Enough - Direct Contact Is The key
The research in essence appears to have supported what had already been suspected i.e. that the best way to tackle the problem of compromised websites was to make direct contact with the webmaster about it, and thus prompt them to act to put things right.
The researchers found that only 43% of sites flagged with a search warning alone are then cleaned up by the webmaster. The figure increases to in 54.6% if a combination of browsing interstitials, search warnings and WHOIS emails are used.
What Does This Mean For Your Business?
Your business website could become compromised by cyber criminals if security precautions are not taken or it may even be the case that your website is compromised now and you / your webmaster is not aware of the fact or what to do to patch and purge to remedy the situation.