Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Dozens of Alexa Top 25,000 Domains Serving Malware to Millions, Firm Says

An analysis of the Alexa top 25,000 most popular domains revealed 58 were serving malicious content during the month of February – translating to more than 10.5 million users being targeted by malware, according to research by Barracuda Networks.

An analysis of the Alexa top 25,000 most popular domains revealed 58 were serving malicious content during the month of February – translating to more than 10.5 million users being targeted by malware, according to research by Barracuda Networks.

The firm also found that on average, two of the Alexa top 25,000 domains serve malicious content each day. In addition, Alexa top-ranked domains served malicious content 23 of the 29 days in February, underscoring that the problem is persistent, argued Barracuda Networks research consultant Paul Royal.

“While Alexa does not publish the total number of page views it uses to determine site rankings, there exists sufficient information to determine that number,” Royal explained in a blog post. “As an example, Wikipedia, which represented ~0.54% of total Alexa views in February 2012, reported ~15.75 billion views for the previous month. Working backwards, we can thus calculate that Alexa used an average of (15,756 * 1,000,000)/(29 * (0.5416/100)) = ~100.31 billion views each day to rank the popularity of websites.”

“Using [that] number,” he continued, “we can calculate the affected views for a given site in a 24-hour period. As an example, free-tv-video-online[.]me, which via an ad network served visitors malicious content on February 13, represented ~0.0053% of the total Alexa views, which yields 5,366,895 affected views for that day. However, to estimate how many users were served exploit content, this number must be adjusted to account for the average number of views per user. Fortunately, Alexa makes this information available.”

“Continuing with the example, free-tv-video-online[.]me has an average of 7.2 views per user,” Royal added. “Thus, for this site, 5,366,895 views equates to 745,402 users served malicious content on February 13. Across all 58 sites that (directly or indirectly) served malicious content, there were 44,160,016 affected views from 10,541,379 users.”

Almost all of the sites hitting visitors with malicious content were a year old or more, and more than half of the sites were older than five years. That means attackers were specifically utilizing well-established, long-lived sites for their drive-by download operations, Royal noted.

“Of course, not every user served malicious content was compromised,” he added. “To estimate the number of successfully exploited users, we used several different sources, including Wikipedia’s browser statistics. To begin, if we examine platform and browser popularity, only about half (or 50.81%) of users (who run Windows and IE or Firefox) possess properties conducive to exploitation. According to Adobe, 73% of PC users have the Java plugin installed,” Royal noted. “According to Qualys, 42% of users with the Java plugin installed have versions vulnerable to exploitation. Thus, of 10,541,379 users served malicious content, 42% (insecure Java) of 73% (Java installed) of 50.81% (Windows and Firefox/IE), or 1,642,172, were likely compromised.”

Just recently, an exploit targeting patched-Java vulnerability CVE-2012-0507 was observed being offered as part of the BlackHole crimeware kit. According to Rapid7, users typically lag far behind when it comes to deploying Java fixes. In the first month after a Java patch is released the fix is deployed by less than 10 percent of users, the company told SecurityWeek last week.

Advertisement. Scroll to continue reading.

The domains spanned 18 different countries, meaning that the problem has no geographic barrier, Royal added.

The infographic below summarizes Barracuda Networks’ findings.

Malware Served from Popular Websites

Written By

Marketing professional with a background in journalism and a focus on IT security.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Learn how the LOtL threat landscape has evolved, why traditional endpoint hardening methods fall short, and how adaptive, user-aware approaches can reduce risk.

Watch Now

Join the summit to explore critical threats to public cloud infrastructure, APIs, and identity systems through discussions, case studies, and insights into emerging technologies like AI and LLMs.

Register

People on the Move

Jessica Newman has joined Sophos as General Manager of Global Cyber Insurance.

Breach and attack simulation solutions provider AttackIQ has appointed Pete Luban as Field Chief Information Security Officer.

Matthew Cowell has assumed the role of VP of Strategic Alliances at Nozomi Networks. He previously served in the same role at Dragos.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.