Many businesses have no idea that they have been hacked until they receive a warning from their protection technology.
According to a survey by Commtouch and StopBadware of 600 webmasters between November 2011 and January 2012, more than 90 per cent of respondents didn't notice any strange activity after being hacked, despite the fact that their sites were being abused to send spam, host phishing pages, or distribute malware.
Also, 63 per cent did not know how the compromise had happened, while 20 per cent admitted that a failure to keep plug-ins and software up to date was a factor in getting infected.
Of the respondents, 36 per cent who were made aware of a compromise did not know what their site was misused for; 25 per cent believed that their websites were used to host malware; 18 per cent to redirect to other websites; four per cent to host phishing pages; and another four per cent felt that pages on the website would be vandalised.
Just under half (49 per cent) were notified of being infected by a browser warning, and 18 per cent were informed by a colleague or friend. Forty per cent of survey respondents changed their opinion of their web hosting provider following a compromise, while 46 per cent fixed the exploit themselves after detection.
Amir Lev, Commtouch's chief technology officer, said: “Many site owners are either unaware of the compromise or struggle to remove the infection, which directly contributes to the persistence of, and increase in, active badware URLs.”
Maxim Weinstein, executive director of StopBadware, said: “The survey results highlighted several aspects of webmasters' experience with site compromise that may prove eye-opening for the security community.
“There's a lack of clarity for webmasters about who's responsible for site security and where to turn when a website is compromised. Webmasters and the wider internet community therefore benefit from continual efforts aimed at educating them about their responsibilities and those of their hosting providers.”