Google blocks on infected legitimate sites increases by 150 per cent
Google blocks on infected legitimate sites increases by 150 per cent

The number of top-ranked websites blacklisted daily by Google in the second quarter of 2012 increased by 150 per cent year on year.

According to Zscaler ThreatLabZ, the number of top-ranked websites (per Alexa rating) that were blacklisted increased, while 76 per cent of these websites were blacklisted because they contained a piece of malicious JavaScript, which most of the time was linking to the Blackhole exploit kit.

Julien Sobrier, senior security researcher at Zscaler, said that ten per cent of the blocked websites had malicious Java applets, while malicious iFrames were the third most prevalent infection and generally resulted from mass SQL injection attacks. 

“Only two per cent of the sites are trying to foil users into downloading a malicious piece of code through a fake AV, Flash or codec page,” he said.

“Since most of the blocked sites are legitimate sites with high traffic, they quickly get cleaned up and removed from the Google blacklist. While the average number of days a top site is blocked by Google is seven days, the vast majority are blocked for only a few days.”

The research found that the number of top domains blacklisted can vary on a daily basis, but the average changed from 400 in May, to more than 1,000 in July.

“Small or big, popular or not, all websites are under attack. No domain can be fully trusted and you never know if attackers managed to breach the protections of the website that you're currently on,” Sobrier said.