The Internet is a vast world mostly made up of ones and zeros. While the Internet harbors the knowledge of the world, it also carries the malicious intent of those who choose to take shortcuts in life and cheat the unsuspecting out of their hard-earned money through the use of malware.
As a massive two-sided spectrum, the Internet is an essential part of life as we know it in our modernized world today. In recent years, though, malware has taken on a new life, becoming more aggressive and using sneaky techniques to infiltrate computers around the world. Fundamentally, the Internet is a risky place, where about 46% of the top one million websites are considered risky, according to a recent "State of the Web 2016" study conducted by Menlo Security.
The spoils of war are there for the taking on the Internet, where billions of people flock to just over 1 billion websites on a daily basis, some of which are malicious. Among the millions of websites on the Internet lies a persistent population of sites that hackers have chosen to exploit in many different ways. Ramping up their efforts in the past few years, hackers have managed to usher in a malware explosion on the Internet, where exploitation of malicious sites and legitimate sites has taken on a new life of its own.
Website exploitation is more widespread than it has ever been. The reasons for the widespread web exploitation by hackers are that risky sites are easier than ever to exploit, phishing attacks are using more legitimate sites than ever, traditional security applications are failing to provide adequate protection against aggressive malware, and certain entities fail to keep their software updated and fix newly discovered vulnerabilities.
Websites are being hijacked in record numbers as of late. Moreover, high-profile sites have become large targets for hackers. Among the high-profile sites that have succumbed to some form of attack are AOL, the BBC, MSN, and even The New York Times. Many of these sites were hijacked through modernized methods: tainted advertisements, or ad networks hijacked to install malware like ransomware, which is known as one of the most aggressive forms of malware in existence. Just the other week, a campaign that sold the Angler Exploit Kits for software like Adobe Flash and Microsoft Silverlight was found to spread malicious ads through a compromised ad network onto legitimate sites. The popular malware spread through malicious sites remains a long list of ransomware, such as CryptoLocker, .locky File Extension Ransomware, Zepto, CryptoWall, and Cerber 4.0 Ransomware.
One of the unfortunate aspects of the web's malware explosion in recent years is that any website at any time is vulnerable to an attack. Malicious advertisements served on high-profile sites are just one primary method hackers use to attack sites. Menlo Security's 2016 Web Vulnerability report reveals that websites are considered risky if either their homepage or associated background sites are running vulnerable software, which may be outdated or known for previous security incidents that hackers take advantage of.
Without getting too deep into the technical aspects of websites, every website has a form of software it runs, and in some instances, the software may have vulnerabilities making it easy for hackers to attack or compromise the site. With that in mind, Menlo Security found tens of thousands of the one million most popular sites running vulnerable software. For those savvy enough to recognize website software, below is their list of the top 10 most vulnerable software packages:
- NGINX 1.8.0
- Microsoft IIS 7.5
- PHP 5.3.3
- Apache 2.2.15
- PHP 5.3.29
- Apache 2.2.22
- PHP 5.5.9
- NGINX 1.10.0
- Apache 2.4.7
- Apache 2.2.31