One would expect sites hosted by big, brand-name providers to be almost free of malware. However, three of the top five malware sites in the world are hosted by Amazon.
The Washington Post recently called Amazon a hornet’s nest of malware. But the ecommerce giant is hardly alone in this.
Malware sites increasingly use services like Google and GoDaddy for hosting, whether by paying for service or by hijacking legitimate sites.
The trends are highlighted in the SERT Quarterly Threat Intelligence Report Q4 2013. Below we highlight the top malware sites, hosting providers, vulnerable server versions, and other issues identified in the report.
Top 10 Malware Sites and Hosting Providers
The chart below lists the top 10 malware sites by distribution frequency. Most are associated with adware, according the report.
Notice that Amazon hosts 4 of the top 10 sites. Only one other site is hosted in the U.S. For malware distribution by domain, Amazon hosts the top three.
Top 10 ISPs Hosting Malware
This chart represents the top 10 ISPs for malware hosting identified in the last quarter of 2013.
Keep in mind: the top 10 account for only 29% of the malware identified. Malware from these providers is getting more common, but more than two-thirds of the problem is outside their walls.
Top 10 Vulnerable Server Versions
A heaping 84% of vulnerable servers used Microsoft Internet Information Services (IIS) 6.0. This server platform is now up to version 8.5.
IIS 5.0 was the runner up but accounted for only 4% of vulnerable servers detected.
Top Vulnerable WordPress Versions
Nearly half of all vulnerable WordPress installations had version 3.6 or below. More than one-third were version 3.6.1, and a sizeable chunk were 3.7 and 3.7.1.
The most current version of WordPress is 3.8.1.
Image: Shepard Software