The vast majority of the
most popular blocked websites contain a piece of malicious JavaScript inline. These sites were mostly hijacked by attackers and the malicious code can usually be linked to the
Blackhole exploit kit.
 |
| Malicious code found on top blocked sites |
I was surprised to find malicious Java applets in second place, having been found on 10% of the blocked sites. Malicious iFRAMEs were the third most prevalent infection and generally resulted from
mass SQL injection attacks. Only 2% of the sites are trying to foil users into downloading a malicious piece of code through a
fake AV,
Flash or
codec page.
The scam and spam sites are mostly survey scams (
the-rewardline.com,
station-awardz-central.com,
channelrewardscenter.org, etc.) and work-from-home scams (
financereports.co). These sites have been blocked by Google Safe Browsing for months.
Since most the blocked sites are legitimate sites with high traffic, they quickly get cleaned up and removed from the Google denylist. While the average number of days a top-site is blocked by Google is
7 days, the graph below shows that the vast majority are blocked for only a few days:
The number of top domains blocked, can vary considerably on a daily basis, but the trend is upward - from an average of
400 sites in May to more than
1,000 in July.
 |
| Number of top websites blocked daily by Google |
Here are the top-ranked websites blocked by Google since May 2012:
| Domain | Alexa rank | Country |
|---|
| blog.com | 681 | PT |
| fatakat.com | 699 | US |
| ziddu.com | 878 | GB |
| warez-bb.org | 1,029 | RU |
| vanguardngr.com | 1,528 | US |
| prlog.org | 1,555 | US |
| damnlol.com | 1,949 | US |
| arabseed.com | 2,002 | US |
| h33t.com | 2,213 | CA |
| geo.tv | 2,606 | GB |
Small or big, popular or not, all websites are under attack. No domain can be fully trusted and you never know if attackers managed to breach the protections of the website that you're currently on.
