29% of web pages host malware, says Sophos

  • Boston (MA) – Sophos is describing a scary scenario of the state of the Internet today. In its most recent security threat report released today, the company says that malware is waiting for web surfers in almost every third webpage and, even worse, less than 20% pf web pages publish “constructive” content these days.

    If you are worried about inexperienced users in your family or corporation accessing the Internet, then Sophos is delivering new reasons why there indeed should be some concern. According to the firm’s findings, more than 80.5% of the pages of a 1 million page sample that was blocked by Sophos' web security appliance are hosting questionable content in one way or the other.

    The security firm said that 28.8% pages try to sneak malware onto PCs of unsuspecting users, 19.4% deal with spam, 4.3% host illegal content such pirated software and 28% publish pornographic content.

    That leaves 19.5% for “constructive” content, we were told by Ron O’Brien, senior security analyst at Sophos. Interestingly, of those 28.8% of pages hosting malware, Sophos estimates that about 80% of those pages do not know that they were hi-jacked and are distributing malware as a result. This scenario suggests that web design will have to evolve and publishing a website will get more difficult for more and more people and require developers to spend for time on preventing malware from entering their property. Sophos claims that it is discovering 29,000 new webpages hosting malware each day.

    “On some instances,” O’Brien said, “the risks of the Internet already the benefits.” He noted that security issues on the web have become serious enough to have the potential to evolve into an “instability threat to the Internet”.

    On a positive note, that of course means that, in absolute numbers, that there are an estimated 2 billion pages of pages out there you do not have to worry about.

    Sophos also noted that Apache web servers are just as vulnerable to web attacks than Microsoft servers. While there was a major malware outbreak in June that almost excusively hit Apache servers, the company estimates that half of the attacks hit Apache and the other half Microsoft IIS.  

    For users, these findings obviously suggest that anti-malware software is becoming more important. However, O’Brien also said that it is important for users to “treat the Internet with caution and respect”. Education remains the biggest challenge in this environment with “very young” and “very old” being the least experienced groups on the Internet and therefore the most vulnerable ones.