1.5 million infected with drive-by malware in February

Barracuda Labs used its own sandboxed analysis of Alexa’s 25,000 top-ranked websites (Alexa gathers web browsing statistics via a free toolbar installed on participants’ browsers). By visiting these 25,000 sites and examining the effect of those visits during February, Barracuda found that 58 of the world’s most popular websites were serving malware to visitors.

By then applying different statistics from different sources, Barracuda sought a statistically valid analysis of the overall threat. For example, blogs Barracuda, “Wikipedia, which represented ~0.54% of total Alexa views in February 2012, reported ~15.75 billion views for the previous month. Working backwards, we can thus calculate that Alexa used an average of (15,756 * 1,000,000)/(29 * (0.5416/100)) = ~100.31 billion views each day to rank the popularity of websites.”

Starting from this basis, Barracuda was able to deduce, “Across all 58 sites that (directly or indirectly) served malicious content, there were 44,160,016 affected views from 10,541,379 users.” But the analysis doesn’t stop there. Concentrating on the most common exploits (directed against the Java browser plug-in), and using statistics from Adobe and Qualys, “of 10,541,379 users served malicious content, 42% (insecure Java) of 73% (Java installed) of 50.81% (Windows and Firefox/IE), or 1,642,172, were likely compromised.” That is, according to Barracuda’s analysis that commenced with visiting Alexa’s 25,000 top-ranked websites, more than 1.5 million users were infected by visiting popular websites.

Further conclusions drawn by Barracuda are that this is not an isolated problem but a continuous one, and at least one popular website will serve malicious content every day. “Over 97% of sites that served visitors malicious content were at least one year old; over half were on sites more than five years old. That means attackers use well-established, long-lived websites for their drive-by download campaigns.”

The extent of this problem can be seen on an associated Barracuda infographic. It shows the compromised sites ranging from free-tv-video-online.me (Alexa ranking: 1,293) with an estimated 745,402 affected users to allyoulike.com (Alexa ranking: 24,873) with an estimated 49,171 affected users. “Good sites gone bad is a serious problem,” concluded Paul Judge, chief research officer at Barracuda Networks. “Users must be careful when visiting even long-time trusted sites, and more than ever legitimate websites must take steps to protect their websites from compromise.”

What’s Hot on Infosecurity Magazine?