Survey Highlights Webmasters' Struggles with Hacked Sites
Commtouch and StopBadware Publish Report on Compromised Websites from Site Owner Perspective
Cambridge, Mass. and Sunnyvale, Calif., Feb. 22, 2012—StopBadware and Commtouch® (Nasdaq: CTCH) today published a joint report titled Compromised Websites: An Owner’s Perspective that chronicles webmasters’ experiences with hacked websites. The report presents statistics and opinions on how site owners navigate the process of learning their sites have been hacked and repairing the damage. The report’s findings are based on a survey Commtouch and StopBadware designed and offered to website owners and webmasters over the course of several months.
Data from the poll reveals that malicious actors are often able to compromise legitimate websites without the site owners’ knowledge: over 90% of respondents didn’t notice any strange activity, despite the fact that their sites were being abused to send spam, host phishing pages, or distribute malware. Nearly two-thirds of the webmasters surveyed didn’t know how the compromise had happened.
Other highlights from analysis of the survey’s responses include:
- About half of site owners discovered the hack when they attempted to visit their own site and received a browser or search engine warning.
- 26% of site owners had not yet figured out how to resolve the problem at the time they completed the survey.
- 40% of survey respondents changed their opinion of their web hosting provider following a compromise.
“Cybercriminals can significantly improve their open and click-through rates by distributing badware via legitimate domains. Many site owners are either unaware of the compromise or struggle to remove the infection, which directly contributes to the persistence of, and increase in active badware URLs.” said Amir Lev, Commtouch’s chief technology officer. “Commtouch does its part to protect end-users, enterprises and service providers from compromised sites with a range of cloud-based email security, Web filtering and antivirus tools.”
“The survey results highlighted several aspects of webmasters’ experience with site compromise that may prove eye-opening for the security community,” said StopBadware Executive Director Maxim Weinstein. “There’s a lack of clarity for webmasters about who’s responsible for site security and where to turn when a website is compromised. Webmasters and the wider Internet community therefore benefit from continual efforts aimed at educating them about their responsibilities and those of their hosting providers.”
The report includes several examples of hacked websites as well as the spam emails that may trick users into visiting these sites. In addition to analysis and quotes from site owners, the report provides tips to help webmasters prevent their sites from being compromised. More details, including an infographic and a brief presentation summarizing the report are available at: http://www.commtouch.com/compromised-websites-report-2012 as well as http://www.stopbadware.org/reports.
Commtouch’s team and representatives of StopBadware will be available at the RSA Conference, Booth 253, from February 28 – March 1 in San Francisco, California to discuss the survey results in person.
StopBadware makes the Web safer through the prevention, mitigation, and remediation of badware websites. It began as a project of the Berkman Center for Internet & Society at Harvard University before spinning off as a standalone nonprofit organization in 2010. Corporate partners include Google, PayPal, Mozilla, Verizon, and Qualys. StopBadware is based in Cambridge, Mass. For more information, visit www.stopbadware.org.
Commtouch® (NASDAQ: CTCH) safeguards the world’s leading security companies and service providers with cloud-based Internet security services. Real-time threat intelligence from Commtouch’s GlobalView™ Cloud powers its Web filtering, email security and antivirus solutions, protecting thousands of organizations and hundreds of millions of users worldwide. Information about Commtouch can be found at http://www.commtouch.com or by writing to firstname.lastname@example.org.