Nine Percent of Websites May be Malicious

Just fewer than 10 percent of websites serve some sort of malicious purpose, with an additional nine percent of sites being characterized as “suspicious” by Zscaler in a new research report.

Just fewer than 10 percent of websites serve some sort of malicious purpose, with an additional nine percent of sites being characterized as “suspicious” by Zscaler in a new research report.

Zscaler ran 27,000 website URLs through a tool they developed to assess the security of websites and give them a score from zero to 100. Nearly 81 percent of sites scored between zero and 49 (benign). 9.5 percent scored between 50 and 74 percent (suspicious) and another 9.5 percent scored somewhere between 75 and 100 (malicious), according to the company’s State of the Web Report.

The report also indicates that outdated plug-ins and the users that refuse to update them continue to be a serious but improving problem in the enterprise. Zscaler cites the Flashback outbreak, which exploited known java vulnerabilities, as anecdotal evidence of this. The report shows that more than 60 percent of Adobe Reader users are running an outdated version of that software. Adobe Shockwave came in second, with 35 percent of users running an outdated version. Java came in fourth, with a only five percent of users running an outdated version.

It appears also that enterprises are increasing their efforts to block employees from visiting social networking sites. When the quarter opened, social networks only accounted for 2.5 percent of policy blocks; by the end of the quarter, that statistic had increased to four percent.

Some other interesting info-morsels include Zscaler’s findings that Apple devices are becoming more prevalent in the work place as Android and BlackBerry devices become less prevalent. Facebook’s share of Web 2.0 traffic is down slightly from 43 percent in Q4 2011 to 41 percent in Q1 2012. On the other side, Twitter saw its share of such traffic increase over the same period from five percent to seven percent. Zscaler claims that the drop in Facebook’s traffic share is due to corporate policies that are increasingly blocking employee access to that social network while remaining noticeably less concerned about employee access to Twitter. Zscaler also believes that Twitter’s traffic-share increase may suggest that the service is being more widely adopted for use in the enterprise.

Sports and gambling sites generally see a spike in traffic in Q1 that can very likely be attributed to events like the NFL playoffs, Super Bowl, and March Madness in America and the International Cricket Council’s Cricket World Cup in places like India and Australia. This year, those sites’ traffic increased a dramatic 74 percent.

Suggested articles


  • Anonymous on

    The site is lame.  I ran my domains through it and what it considers 'risky' is silly.  One website is composed of a simple javascript  and all static information, yet it was 'risky'.

    Also, references to ( having PHP displayed) increases risk.  Okay, got me there but how much risk???

  • Mike on

    I feel that these numbers may be skewed. Zscaler is a very reputable firm with good products, but the head line of "9% of Web Sites may be malicious"is misleadng, I believe, because these stats come from their site checking tool, in which users submit a questionable site to check if it may be malicious. My basis on saying the numbers may be skewed is that because users are submitting URLs to be checked, the users are probably worried or suspicious of the site in the first place, leading them to run a test on it. So while 9% of sites checked via the zulu service may be malcious in some form or another, it's not as if 9% of ALL web sites/URLS across the Web are malicious, which could lead to FUD-based headlines similar to what we saw with Sophos' "20 of Macs Have Malware on them" (but not saying most of that was Windows malware that wouldn't affect a Mac.

    Just my $0.02.

    Mike Lennon


  • AnonymousWolf on

    lol when I opened this page, it created a popunder ad. IRONIC.

  • Anonymous on

    Money making is the only motive behind most of the websites and online business. very bad and sad situation.

  • shibualex on

    i am member of kasperesky.....

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.