Legitimate Web sites that have been hijacked and used to serve malicious content greately outnumber malicious sites on a list of the most-trafficked sites on Google’s blacklist, according to analysis by security firm Zscaler.
Zscaler analyzed the top one million Web sites on the Web, based on traffic rankings from Alexa, and found 621 of them were blocked by Google’s Safe Browsing feature – an automated Web site blacklist that prevents those using Google’s search engine from clicking on links to sites that are serving malicious content. Of those 621 sites, many of the most trafficked were not malicious sites, but legitimate Web sites that had been compromised and used to serve malicious content, including antivirus software scams and PDF-based malware, according to the post Monday by Julien Sobrier at Zscaler.
Typically, attackers have compromised the Web site and altered it to serve malicious JavaScript or an iFrame containing malicious content. Google opted to blacklist the entire Web site in these cases, rather than just the malicious domain that the compromised site is linking to.
At the top of the list is the site subtitleseeker(dot)com, which Zscaler said is serving malicious JavaScript and which has an Alexa ranking of 6,239. The site received between 4,000 and 12,000 visits daily in the last month.
Sobrier said that Web masters must be vigilant – even well managed and highly trafficked Web sites can fall victim to attack, especially with scammers looking for ways to leverage a sites’s reputation and search engine ranking to spread malicious content and attacks.