Compromised Websites, Botnet Distribution Points, Phishing and Fraud Most Common Malicious Websites in Q3 of 2012
Once a website is compromised, hackers have complete liberty to place malicious files or code that may redirect unsuspecting users to sites serving up malware, host inappropriate or criminal content, conduct phishing attacks for information that could lead to identity theft or online fraud, or breach a corporate network. For popular news and entertainment websites, the seriousness is multiplied many times over, due to their millions of loyal and daily followers. Hackers, after all, typically flock to where the most people convene.
To understand the findings from this massive malicious URL query data sample, the official malicious category definitions of the zveloDB® URL Database are stated below and consist of Botnet, Command & Control, Compromised (hacked) Websites, Malware Call-Home, Malware Distribution Point, Phishing/Fraud, and Spyware & Questionable Software. The charts detail statistics and trends about the most visited types of malicious websites for July, August, September and Q3 of 2012 as a whole.
These real-world malicious URL request statistics support the assumption that as the number of compromised (hacked) websites increases, more malware distribution points and phishing/fraud hosting sites surface. Access to these real-time malicious URL statistics is one of the benefits of becoming a zvelo OEM Partner.
- Botnet, Command & Control and Spyware category traffic was low and showed up as a mere blip on the radar relative to the millions of malicious URL queries received in Q3.
- Compromised (hacked) website traffic was substantial, averaging 19% of all malicious URL queries, and there was a significant surge between July and September.
- There was a considerable spike in Malware Call-Home queries in Q3 compared to prior quarters.
- Malware Distribution Points take the cake in terms of sheer volume, at nearly 66% of all malicious URL queries for the quarter.
- Phishing/Fraud URLs and websites were unfortunately visited far too much, and the actual count increased by nearly 95% between July and September. This parallels the statistics and trends in the APWG’s “Phishing Activity Trends Report,” which stated a 63K+ April count in 2012. In our case, however, we’re seeing millions of monthly queries, which peaked in September.
Definition of “Botnet” Malicious Website Category
Large networks of compromised web servers, often running software that is used by hackers to send spam, phishing attacks and denial of service attacks.
Definition of “Command & Control” Malicious Website Category
Internet servers used to send commands to infected machines called “bots.”
Definition of “Compromised” (hacked) Malicious Website Category
Web page URLs that have been compromised by someone other than the site owner, which appear to be legitimate, but often host malicious code.
Definition of “Malware Call-Home” Malicious Website Category
Malicious URLs that call servers containing malware. The call can be initiated by drive-by downloads in the form of a virus, spyware or other malware, or by cross-site scripting (XSS) attacks that exploit browser vulnerabilities. The response from the server is the real payload of the attack.
Definition of “Malware Distribution Point” Malicious Website Category
Web page URLs that host viruses, exploits and other malware.
Definition of “Phishing/Fraud” Malicious Website Category
Web pages and emails used for fraudulent purposes, often to gather sensitive information such as credit cards, email addresses, bank accounts, and social security numbers.
Definition of “Spyware & Questionable Software” Malicious Website Category
Web pages containing software that reports information back to a central server such as spyware or keystroke loggers.