Google Detects 760,000 Compromised Websites In One Year


A new study by Google and researchers at the University of California has revealed that 760,935 websites were compromised over a one-year period for the first time.

The study, titled “Remedying Web Hijacking: Notification Effectiveness and Webmaster Comprehension”, was initially carried out to measure the efficiency of browser, search and direct webmaster notifications with regards to reducing the amount of time a site is compromised.

However during the study, the researchers also discovered that between July 2014 and June 2015, an alarming 16,500 websites were compromised every week.

In terms of its own malware control measures, Google found that when it made contact with web administrators who had signed up to the company’s Search Console directly via email, this led to 75% of sites being re-secured.

Additionally, when Google contacted webmasters with their Whois email addresses, this led to 54.6% of the affected sites fixing their malware problems, compared to 43.4% for sites that were flagged with search warnings.

However, it also noted that many site owners do not address the cause of security compromise, meaning that over 12% of sites fall victim to a new attack within 30 days.

The authors said: “We observe that direct communication with webmasters increases the likelihood of cleanup by over 50% and reduces infection lengths by at least 62%.

“Absent this open channel for communication, we find browser interstitials–while intended to alert visitors to potentially harmful content–correlate with faster remediation.”

Researchers involved include Eric Kuan, Yuan Niu, Lucas Ballard, Kurt Thomas, and Elie Bursztein from Google, as well as with Frank Li, Grant Ho, and Vern Paxson at the University of California.

You can find out more about the study here.