Malware Mostly Comes from Legitimate Websites
There are scads of websites on the Internet whose sole purpose is to litter your computer with malware — and in all likelihood, you'll avoid these and get infected from an everyday haunt.
A new report from Google suggests that malware infections from malevolent "attack sites," which intentionally distribute harmful software, are relatively uncommon, but compromised legitimate sites are on the rise.
Google's report analyzed two different kinds of unsafe websites: malware sites and phishing sites. Malware sites install harmful software that compromises a user's computer, while phishing sites trick users into giving up their information willingly (often including usernames and passwords to email or bank accounts).
Following a slight dip in popularity in 2012, both malware and phishing sites have been growing in numbers again. Google detected 60,000 new malware and 30,000 new phishing sites each week. More troubling still, almost 400,000 malware and 100,000 phishing pages registered as "safe sites" on its own Safe Browsing program.
Phishing is relatively easy to prevent: Just avoid entering your personal information on any site that seems sketchy. Malware can be a little bit more difficult to avoid. Most savvy Web users know not to click on suspicious links, which will prevent them from landing on attack sites. A paltry 4,000 new attack sites surface each week.
Compromised sites, which are legitimate websites leveraged to distribute malware, are more nefarious. 40,000 legitimate sites fall victim to hacking each month, which poses a considerable threat to everyday users.
Legitimate Web pages do not set off any alarm bells on Google's Safe Browsing, and users have used them previously without any issue. As a result, when a legitimate site acts as a malware carrier, there is no straightforward method to avoid it. Those with anti-malware or Internet security software may get away unscathed, but if your favorite daily site asked you to download something, suspicion may not be your first reaction.
Not all countries contribute equally to malware distribution, either. Only 2 percent of U.S. websites scanned contained malware. Bosnia and Herzegovina fared the worst, with 15 percent of websites infected, followed by India (14 percent) and Latvia (13 percent), according to the Google report.
Curiously, although Russia is a notorious hotbed of cybercrime activity, only 8 percent of its websites contain malware: a lower percentage than countries like Germany, Spain and Mexico.
Google says it will continue its efforts to make the Web a safer place. In the meantime, users will have to do their fair share. If something looks off about your favorite website, contact the webmaster and Google about it. If users know what to look for, malware from compromised sites can become just as ineffective as its attack-site brethren.