Badware stats

Badware stats

These are some statistics, published by third parties, that we believe offer useful insight into the badware landscape. If you wish to use these statistics, please cite the original source, as provided. We also publish counts of badware URLs reported to StopBadware by our data providers on our home page and our Top 50 lists.

50% of web-connected malware downloaded additional malicious executables within the first 60 seconds of infection. 

85% of malicious sites identified were found on legitimate, compromised web hosts. 

Source: Websense 2013 Threat Report (Feb. 2013)


In 2012, Google took action to protect users from 123,000 badware sites linked to by online ads.

Source: Google Ads Security 2012 Retrospective (Jan. 2013)


Between October 2011 and March 2012, nearly 30% of the threats detected by SophosLabs either came from the Blackhole exploit kit directly, or were redirects to Blackhole from compromised legitimate sites.

Source: Sophos Security Threat Report 2013 (Dec. 2012)


73% of small & medium businesses (SMBs) describe a "safe and trusted Internet" as “somewhat critical” or “very critical” to their business's success.

Source: 2012 NCSA/Symantec Small Business Study (Oct. 2012)


86% of U.S. adults agree or strongly agree that they'd want a service provider to notify them if the provider knew their computer was infected with malware.


Source: 2012 NCSA/McAfee Online Safety Study (Oct. 2012)


Google finds about 9,500 new malicious websites every day. These are either innocent websites that have been compromised by malware authors, or others that are built specifically for malware distribution or phishing.

Source: Google Online Security Blog (June 2012)


Most exploits detected by Microsoft antimalware products target vulnerabilities for which a security update existed at the time of the infection attempt. 

As of October 2011, 34% of computers analyzed were missing the most recently released Windows kernel update, and 16% were missing the three most recently released updates. 94% of computers analyzed were missing the most recently released Java update, and 51% were missing the three most recently released updates 

Source: Microsoft Security Intelligence Report Vol. 13 (Jan - June 2012)


On average, two popular websites (among the Alexa top 25,000) serve drive-by downloads each day.


An estimated 1.6 million vulnerable users were exposed to drive-by downloads in one month across 58 popular (Alexa top 25,000) sites.

Source: Barracuda Labs (Mar. 2012)


23% of malicious domain registrations could be blocked with basic validation of contact info.


Source: Abused Internet Domain Registration Analysis for Calculating Risk and Mitigating Malicious Activity by KnujOn.com (Feb. 2012)


Approx. 30,000 new malicious URLs were created each day in the second half of 2011; 80% of those were on compromised, legitimate websites.


85% of desktop malware infections are delivered via the Web.

Source: Sophos Security Threat Report 2012 (Jan. 2012)


“Enterprise users [organizations using Cisco’s ScanSafe product] experienced an average of 339 Web malware encounters per month in 4Q11.” (an increase of 205% year over year)


Source: Cisco 4Q11 Global Threat Report (Jan. 2012)


31.3% of computers exposed to popular exploit kits ended up infected, with Java, Adobe Reader, Flash Player, and Internet Explorer the most exploited pieces of software.


Source: CSIS (September 2011)


One third of U.S. households experienced badware infection in one year, at an estimated cost to consumers of $2.3b (incl. 1.3 million PCs replaced).


Source: Consumer Reports (June 2011)


1 in 14 downloads (by Internet Explorer 8 and Internet Explorer 9 users) is later confirmed as malware.


Source: Microsoft (May 2011)