Online malware isn’t just located in the places users might expect. Two recent reports show there are plenty of dangers lurking in sites most folks assume to be safe.
Shady websites, such as those related to pornography and illegal downloads, are certainly a dangerous part of the web. But increasingly frequent sources of trouble are legitimate sites that have been infected with malware.
The most easily compromised type of site? That would be sites belonging to schools, according to a recent report by WhiteHat Security.
Throughout 2010, 71% of educational institutions’ websites had some kind of vulnerability that could have been exploited by hackers. Another 18% had vulnerabilities for part of the year.
Other industries’ sites didn’t fare much better: 58% of social networking sites, 51% of retail sites and 51% of tech company sites were vulnerable every day of 2010.
The best-performing industry was banking, where 51% of sites were ranked as “rarely vulnerable.” But that still means almost half the sites could have been exploited at some point.
What do all those vulnerabilities mean? For IT, the danger is twofold. First, all companies must take steps to ensure their websites are free from security holes. The vulnerabilities found included data leakage, SQL injection and cross-site scripting, which can lead to stolen information, disruptions in business and malware on visitors’ machines.
Second, IT must be careful about users visiting compromised sites. Many folks mistakenly believe you have to travel to shady parts of the web to run into security trouble, but as this study shows, that’s not the case.
Another place users can easily run into malware: search engines.
The amount of search engine malware increased by 55% compared to the previous year, according to Barracuda Networks’ 2010 Annual Security Report. One out of every five keyword searches leads to malware, and one out of every 1,000 search results is a link to malware.
To keep that malware from infecting your company’s network, experts recommend making sure all security software is up to date and training users to be aware that malware can come from trusted sources.