Search engine listings littered with dangerous malware

Magnifying glass enlarging the word 'malware' in computer machine code
(Image credit: Shutterstock)

There are currently an estimated 4.1 million websites infected with malware worldwide.

This is the conclusion of a new report from certificate lifecycle management (CLM) provider Sectigo, based on an analysis of more than 14 million websites conducted by its website protection and monitoring arm, SiteLock.

What’s worse, almost all of these infected websites (93%) are not blacklisted and therefore appear in public search engine listings. The most prevalent malware variants are Filehacker, which is found in more than a third of infected websites, and Backdoor (31%).

TechRadar needs yo...

We're looking at how our readers use VPNs with different devices so we can improve our content and offer better advice. This survey shouldn't take more than 60 seconds of your time. Thank you for taking part.

>> Click here to start the survey in a new window <<

Bot traffic

To infect many millions of websites is an impressive feat. So, how do threat actors do it?

Sectigo believes the majority automate their attacks; bots in 2021 accounted for 5.5 times more traffic than humans, amounting to more than 2,300 weekly average bot visits per site. At the same time, the volume of human traffic decreased. 

While not all bot traffic is malicious, the part that is causes plenty of headache all around. 

“Malicious bots can programmatically visit websites and identify vulnerabilities in code to execute their attacks, such as stealing data or inserting malware,” said Jason Soroko, CTO of PKI at Sectigo. 

“The public internet is a very dangerous place and is increasingly getting worse. Don’t commit the fallacy of the underdog, SMB websites have enormous value to bad actors because they have customer data and can be used for phishing attacks. It’s not just about fraud, either. If websites handle payments, they’re obvious targets, too. The content management system platforms SMBs rely on may not protect against these threats. In fact, they are inherently difficult to secure.”

In total, endpoints are attacked 172 times per day, meaning they receive eight attacks every minute. Nearly half (48%) of SMB website owners believe they are too small to target. At the same time, more than half of them have already been breached.

Given the broad range of threats, businesses require a comprehensive security solution, Sectigo concluded.

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.