The Channel logo


By | Team Register 19th April 2016 06:58

Google found 760,935 compromised web sites in a year

There's a lot of lazy and/or lousy webmasters out there who don't know they're p0wned

Google and university researchers say the tech giant found some 760,935 compromised websites across the web during a year-long research effort.

Google's Eric Kuan; Yuan Niu; Lucas Ballard; Kurt Thomas, and Elie Bursztein joined the University of California, Berkely's Frank Li, Grant Ho, and Vern Paxson in writing Remedying Web Hijacking: Notification Effectiveness and Webmaster Comprehension [PDF]

In it the team says the Choc Factory usually emails the admins of hacked sites operating its Search Console. It finds up to three quarters of admins will expunge malware when emailed, while about half act when their sites are painted with browser and search warnings.

Most admins were quicker to patch and purge when tipped off by Google to the malware menace, with about 12 per cent falling flat and being compromised again within 30 days.

The figures are pulled from a pool of 760,935 breaches Google detected in the 12 months to June 2015.

"Our results indicate that browser interstitials, search warnings, and direct communication with webmasters all play a crucial role in alerting webmasters to compromise and spurring action," the academics say.

"… we found Safe Browsing interstitials, paired with search warnings and WHOIS emails, resulted in 54.6 percent of sites cleaning up, compared to 43.4 percent of sites flagged with a search warning alone.

"Above all, direct contact with webmasters increased the likelihood of remediation to over 75 percent".

The research is Google's latest effort to bring web admins into its anti-malware embrace. Google has urged admins to sign up to its Safe Browsing alerts.

The tech giant now shares URLs linked to social engineering, unwanted and malicious software, to help admins understand the threats they face.

It monitors some 22,000 autonomous systems or about 40 percent of total active networks, and provides some 250 reports each day to some 1300 administrators. The Alphabet subsidiary's done so since 2011. ®

comment icon Read 30 comments on this article or post a comment alert Send corrections


Frank Jennings

What do you do? Use manual typwriters or live in a Scottish croft? Our man advises
A rusty petrol pump at an abandoned gas station. Pic by Silvia B. Jakiello via shutterstock

Trevor Pott

Among other things, Active Directory needs an overhaul
Baby looks taken aback/shocked/affronted. Photo by Shutterstock

Kat Hall

Plans for 2 million FTTP connections in next four years 'not enough'
Microsoft CEO Satya Nadella


League of gentlemen poster - Tubbs and Edward at the local shop. Copyright BBC
One reselling man tells his tale of woe