Where Are You Most Likely to Pick Up Drive-by Malware? A Porn Website, a Gambling Website, or a Business News Website? The Answer Might Surprise You.

By Linda Musthaler | February 06, 2013

Posted in: Network Security Trends

All of you porn surfers out there can just relax. Despite what your momma told you, browsing a porn website isn’t the most sure-fire way to get malware put on your PC.

According to the 2013 Cisco Annual Security Report, many people (including security professionals) have preconceived notions about where they are most likely to encounter Web malware. Most people assume that websites associated with “risky” activities like crime, sin and sex are loaded with malware that is poised to be downloaded as soon as someone lands on a Web page. They also assume that websites associated with legitimate businesses, government agencies and educational institutions – in other words, “wholesome websites” – will do no harm to visiting PCs. Well, throw all these notions out the window.

According to Mary Landesman, Senior Security Researcher with Cisco, “Web malware encounters occur everywhere people visit on the Internet—including the most legitimate of websites that they visit frequently, even for business purposes. Indeed, business and industry sites are one of the top three categories visited when a malware encounter occurred.”

Cisco’s analysis indicates that the vast majority of Web malware encounters actually occur via legitimate browsing of mainstream websites. In other words, the majority of encounters happen in the places that online users visit the most—and think are safe. Just a few examples of legitimate sites that have been used to deliver malware include employment websites, disaster relief centers, hotel Internet connection sites, and U.S. federal government websites.

Cisco says the #1 category that leads the list of top locations for the likelihood of malware infections is “dynamic content,” which the vendor defines as content delivery systems such as web statistics, site analytics, and other non-advertising-related third-party content. Content delivery networks (CDNs) serve a large fraction of Internet content today, including web objects (text, graphics, URLs and scripts), downloadable objects (media files, software, documents), applications (e-commerce, portals), live streaming media, on-demand streaming media, and social networks. In other words, it’s all the stuff that people surf the Internet for.

If CDNs are #1 for delivering drive-by malware, what’s #2? That dubious distinction goes to online advertising, which, according to Cisco, accounts for more than 16% of total web malware encounters. This makes sense as more businesses allow third-party advertising on their websites. The businesses aren’t responsible for the advertising content, which unfortunately makes it a prime method for cyber criminals to set their malware in motion. Respectable organizations such as the New York Times and the Google and Microsoft ad networks have been known to host advertising that delivers malware, dubbed “malvertising” by Cisco.

#3 on the list for serving up malware is business and industry websites. According to the Cisco report: Online gaming is in fourth place, followed by Web hosting sites and search engines in fifth and sixth places, respectively. The top 20 website categories are absent of sites typically thought of as malicious. There is a healthy mix of popular and legitimate site types such as online shopping (#8), news (#13), and SaaS/business-to-business applications (#16).

Cyber criminals aren’t stupid. They study current browsing habits and exploit the types of websites that more people visit. Barracuda Labs estimates that one out of every 1,000 Web pages that people visit is malicious in some way and attempts to perform some sort of exploit on users. If you think about how many Web pages you visit each day, your odds are pretty good for encountering drive-by malware—but it may not come from the sites that you would expect.
