Google Compromised Website Research is Malware Wake-up Call for Unaware or Lazy Web Admins

A recent study by Google and the University of California, Berkeley researchers has not only found a surprisingly large number of compromised websites, but has found that direct contact made with webmasters during the study served as a web security ‘wake-up and take action’ call.

The research results presented at the International World Wide Web Conference found that 760,935 compromised websites had been discovered during the year-long research period to June 2015.

What Risks Are We Talking About?

According to Google’s figures, over 10 million users every week encounter harmful websites that deliver malware and scams. The kinds of risks that can compromise websites include malicious drive-by-downloads and exploits, malicious distribution domains, social engineering sites, and unwanted malware such as ad-injectors, and traditional trojans.

Webmasters Need to Be Aware AND take Action

The central idea of the research was based around the fact that although Google’s ‘Safe Browsing’ and Google Search have features that protect visitors from dangerous content e.g. by displaying browser warnings and labelling search results with ‘this site may harm your computer’, the compromised site is still a problem that needs to be fixed.

Ways need to be found therefore to ensure that webmasters are made aware of the problems with their websites, and prompted to act quickly so that the sites are no longer a risk.

Warnings Not Enough – Direct Contact Is The key

The research in essence appears to have supported what had already been suspected i.e. that the best way to tackle the problem of compromised websites was to make direct contact with the webmaster about it, and thus prompt them to act to put things right.

The researchers found that only 43% of sites flagged with a search warning alone are then cleaned up by the webmaster. The figure increases to in 54.6% if a combination of browsing interstitials, search warnings and WHOIS emails are used.

However, the researchers found that the best way to reduce the risks posed by compromised websites through prompting action by the webmaster was to make direct contact with the webmaster about it. Figures show that direct contact with webmasters increased the likelihood of remediation to over 75%.

What Does This Mean For Your Business?

Your business website could become compromised by cyber criminals if security precautions are not taken or it may even be the case that your website is compromised now and you / your webmaster is not aware of the fact or what to do to patch and purge to remedy the situation.

By signing up to Google’s Safe Browsing Alerts you / your webmaster can get useful information for protecting your users, such as information about and URLs related to unwanted software, malicious software, and social engineering.

Google’s Safe Browsing Alerts benefits from information gained by Google through its monitoring of around 40% of total active networks.

Prioritising the security aspect of your company’s IT governance, especially cyber protection is also an important step towards protecting your company and its stakeholders from cyber threats and other IT related crime.