According to Google’s online security blog, their initial review of “suspicious” URLs has revealed one million malware-infected sites.
Sounds horrible, doesn’t it? Well, according to them it’s basically good news:
“Unfortunately, the scope of the problem has recently been somewhat misreported to suggest that one in 10 websites are potentially malicious. To clarify, a sample-based analysis puts the fraction of malicious pages at roughly 0.1%.”
So I guess “1 million sites” is supposed to be one of those things that sounds worse than it is.
There is no mention of what servers are being infected (apache on a UNIX-based system? IIS on Windows?). Perhaps they do not have that data, or decline to provide it.
They also mention the following, which is particularly interesting:
“In most cases, the web sites that infect your system with malware are not intentionally doing so and are often unaware that their web servers have been compromised.”
Does this mean these installations are not taking anti-malware precautions, or that these are malware infections that do not get detected?
The article also discusses the geographic distribution of the sites engaged, such as the location of compromised web sites shown above.
This is a new site for Google (the above article is the first post), and it’s worth a look. The comments to the article are worth reviewing as well.