Survey Highlights Webmasters' Struggles with Hacked Sites
StopBadware and Commtouch recently published a joint report titled "Compromised Websites: An Owner's Perspective" that chronicles webmasters' experiences with hacked websites. The report presents statistics and opinions on how site owners navigate the process of learning their sites have been hacked and repairing the damage. The report's findings are based on a survey Commtouch and StopBadware designed and offered to website owners and webmasters over the course of several months.
Data from the poll reveals that malicious actors are often able to compromise legitimate websites without the site owners' knowledge: more than 90 percent of respondents didn't notice any strange activity, despite the fact that their sites were being abused to send spam, host phishing pages, or distribute malware. Nearly two-thirds of the webmasters surveyed didn't know how the compromise had happened.
Other highlights from analysis of the survey's responses include:
- About half of site owners discovered the hack when they attempted to visit their own site and received a browser or search engine warning.
- 26 percent of site owners had not yet figured out how to resolve the problem at the time they completed the survey.
- 40 percent of survey respondents changed their opinion of their web hosting provider following a compromise.
"Cybercriminals can significantly improve their open and click-through rates by distributing badware via legitimate domains. Many site owners are either unaware of the compromise or struggle to remove the infection, which directly contributes to the persistence of, and increase in active badware URLs." said Amir Lev, Commtouch's chief technology officer. "Commtouch does its part to protect end-users, enterprises and service providers from compromised sites with a range of cloud-based email security, Web filtering and antivirus tools."
"The survey results highlighted several aspects of webmasters' experience with site compromise that may prove eye-opening for the security community," said StopBadware Executive Director Maxim Weinstein. "There's a lack of clarity for webmasters about who's responsible for site security and where to turn when a website is compromised. Webmasters and the wider Internet community therefore benefit from continual efforts aimed at educating them about their responsibilities and those of their hosting providers."