Google Blacklisting Jumps 150 Percent In Only Three Months

Google has been clamping down hard on malicious websites as blacklisting of the most popular domains jumped 150 percent between May and July, according to data from security vendor Zscaler.

From an average of 400 blacklisted sites in May, Google blocked access via its Safe Browsing service to over 1,000 in July, largely because they contained malicious code. Zscaler looked at the top 1 million sites based on number of visits according to ranking service Alexa.

Most websites were cleaned up within a few days, although the average number of days a site was blocked over the three months stood at seven. “Since most the blocked sites are legitimate sites with high traffic, they quickly get cleaned up and removed from the Google blacklist,” Zscaler said in a blog post.

“Small or big, popular or not, all websites are under attack. No domain can be fully trusted and you never know if attackers managed to breach the protections of the website that you’re currently on.”

Going down a Blackhole

Three quarters of sites blocked over the three month period contained a piece of malicious JavaScript, whilst 10 percent contained nasty Java applets. In the case of the JavaScript injections, the code was usually be linked to the Blackhole exploit kit.

“The Blackhole exploit kit is one of the most commonly-used threats used by cybercriminals to infect computers.  Some 28 percent of *all* web threats detected by Sophos are due to this exploit kit,” Graham Cluley, senior technology consultant at Sophos, told TechWeekEurope.

“In a nutshell, a malicious script on a webpage determines what software the victim is running and serves up all of the exploits they are vulnerable to – maximising the opportunities for infection.

“Typically this will be done to install a payload such as a backdoor Trojan horse giving a hacker remote access, or hijacking your computer into a botnet.”

Twitter was recently swamped with spam containing links  pointing to Russian web pages that ultimately attempted to infect Windows PCs using the Blackhole exploit kit.

In July, the developers behind the Blackhole exploit kit updated the framework with a module that can easily compromise computers systems using a month-old flaw in Java.

Are you a security guru? Try our quiz!