Direct communication with compromised sites helped fix security problems faster, Google’s study found
Researchers at Google and academics at the University of California, Berkeley discovered that nearly 800,000 websites around the world were newly compromised over a one-year period, equivalent to 16,500 per week.
The results illustrate the scale of the malware problem: attackers routinely plant malicious code on poorly protected websites.
Such sites are flagged as dangerous by search engines, but helping them to fix the problem is a more difficult matter, Google said.
The study, “Remedying Web Hijacking: Notification Effectiveness and Webmaster Comprehension”, found that 760,935 sites were compromised during the 12 months to June 2015.
Google found that when it emailed affected webmasters directly, which was possible for those who had registered with the company's Search Console, 75 percent of the sites were re-secured.
In other cases, Google contacted webmasters at the email address listed in their domain's Whois record. This contact, combined with browser interstitials and search warnings, led to 54.6 percent of the affected sites cleaning up their malware, compared with only 43.4 percent for sites flagged with search warnings alone.
“Our results indicate that browser interstitials, search warnings, and direct communication with webmasters all play a crucial role in alerting webmasters to compromise and spurring action,” the researchers wrote in the study.
Google said that when its emails included tips and samples of exactly which pages contained harmful content, this, together with expedited notification, helped webmasters fix the problem 62 percent faster than when no tips were included, usually within three days.
Keeping sites secure is another matter, however – the study found that 12 percent of recently fixed sites were compromised again within 30 days.
The findings indicate that while the malware problem is serious, communication with those affected can help, Google said.
“It’s easy for the security community to be pessimistic about incident response being ‘too complex’ for victims, but as our findings demonstrate, even just starting a dialogue can significantly expedite recovery,” the company said in a statement.
The study was carried out by Eric Kuan, Yuan Niu, Lucas Ballard, Kurt Thomas, and Elie Bursztein at Google along with Frank Li, Grant Ho, and Vern Paxson at the University of California, Berkeley.