The vast majority of the most popular blacklisted websites contain a piece of malicious JavaScript inline. These sites were mostly hijacked by attackers and the malicious code can usually be linked to the Blackhole exploit kit.
 |
| Malicious code found on top blacklisted sites |
I was surprised to find malicious Java applets in second place, having been found on 10% of the blocked sites. Malicious iFRAMEs were the third most prevalent infection and generally resulted from mass SQL injection attacks. Only 2% of the sites are trying to foil users into downloading a malicious piece of code through a fake AV, Flash or codec page.
The scam and spam sites are mostly survey scams (the-rewardline.com, station-awardz-central.com, channelrewardscenter.org, etc.) and work-from-home scams (financereports.co). These sites have been blocked by Google Safe Browsing for months.
Since most the blocked sites are legitimate sites with high traffic, they quickly get cleaned up and removed from the Google blacklist. While the average number of days a top-site is blocked by Google is 7 days, the graph below shows that the vast majority are blocked for only a few days:
 |
The number of top-domains blacklisted, can vary considerably on a daily basis, but the trend is upward – from an average of 400 sites in May to more than 1,000 in July.
 |
| Number of top-websites blacklisted daily by Google |
Here are the top-ranked websites blacklisted by Google since May 2012:
| Domain | Alexa rank | Country |
|---|---|---|
| blog.com | 681 | PT |
| fatakat.com | 699 | US |
| ziddu.com | 878 | GB |
| warez-bb.org | 1,029 | RU |
| vanguardngr.com | 1,528 | US |
| prlog.org | 1,555 | US |
| damnlol.com | 1,949 | US |
| arabseed.com | 2,002 | US |
| h33t.com | 2,213 | CA |
| geo.tv | 2,606 | GB |
Small or big, popular or not, all websites are under attack. No domain can be fully trusted and you never know if attackers managed to breach the protections of the website that you’re currently on.
Leave a reply
