Nine Percent of Websites May be Malicious

Type threatpost
Reporter Brian Donohue
Modified 2013-04-17T20:03:36


Just fewer than 10 percent of websites serve some sort of malicious purpose, with an additional nine percent of sites being characterized as “suspicious” by Zscaler in a new research report.

Zscaler ran 27,000 website URLs through a tool they developed to assess the security of websites and give them a score from zero to 100. Nearly 81 percent of sites scored between zero and 49 (benign). 9.5 percent scored between 50 and 74 percent (suspicious) and another 9.5 percent scored somewhere between 75 and 100 (malicious), according to the company’s State of the Web Report.

The report also indicates that outdated plug-ins and the users that refuse to update them continue to be a serious but improving problem in the enterprise. Zscaler cites the Flashback outbreak, which exploited known java vulnerabilities, as anecdotal evidence of this. The report shows that more than 60 percent of Adobe Reader users are running an outdated version of that software. Adobe Shockwave came in second, with 35 percent of users running an outdated version. Java came in fourth, with a only five percent of users running an outdated version.

It appears also that enterprises are increasing their efforts to block employees from visiting social networking sites. When the quarter opened, social networks only accounted for 2.5 percent of policy blocks; by the end of the quarter, that statistic had increased to four percent.

Some other interesting info-morsels include Zscaler’s findings that Apple devices are becoming more prevalent in the work place as Android and BlackBerry devices become less prevalent. Facebook’s share of Web 2.0 traffic is down slightly from 43 percent in Q4 2011 to 41 percent in Q1 2012. On the other side, Twitter saw its share of such traffic increase over the same period from five percent to seven percent. Zscaler claims that the drop in Facebook’s traffic share is due to corporate policies that are increasingly blocking employee access to that social network while remaining noticeably less concerned about employee access to Twitter. Zscaler also believes that Twitter’s traffic-share increase may suggest that the service is being more widely adopted for use in the enterprise.

Sports and gambling sites generally see a spike in traffic in Q1 that can very likely be attributed to events like the NFL playoffs, Super Bowl, and March Madness in America and the International Cricket Council’s Cricket World Cup in places like India and Australia. This year, those sites’ traffic increased a dramatic 74 percent.