One-quarter of the 30,156 websites tested in the second quarter by Zscaler’s Zulu service, which tests the security of websites, were malicious, according to Zscaler’s second quarter 2012 State of the Web report.
Remember, though, users of Zulu send in suspicious websites for testing, so the results are likely to skew from the general website population, said Mike Geide, senior security researcher for Zscaler ThreatLabZ. “Keep in mind that the service is meant to be receiving suspicious websites and reporting results on those sites.”
The State of the Web report found users are slow to update browser plug-ins and attackers know it, as witnessed by the Flashback Trojan, which infected over 650,000 Macs leveraging a Java vulnerability. However, the situation is improving. In the second quarter, only 35% of installed Adobe Shockwave plug-ins were outdated, down from 52% in the fourth quarter of 2011.
Adobe Acrobat was the worst in terms of updating, with close to 62% of plug-ins outdated in the second quarter, followed by Adobe Shockwave with 38%, Microsoft Outlook with 5.7%, and Adobe Flash with 4.3%.
“Outdated plug-ins are vulnerable to exploitation, and the bad guys know that,” Geide said.
Zscaler also identified a number of major websites that suffered a compromise, redirecting visitors to malicious content.
“We noticed that we had some signatures triggering on those pages. We were blocking transactions to those sites. When we dug in to find out what was going on, we found that they had been compromised and were redirecting traffic to an attacker’s website that contained an exploit kit”, Geide said.
In addition, the report found social networking sites accounted for 4% of the websites blocked by enterprises at the end of the first quarter, up from only 2.5% at the beginning of the quarter.