Google Safe Browsing is the most popular security blacklist in use. It is leveraged by Firefox, Safari and Google Chrome. As such, being blacklisted by Google is a big deal - users of these three browsers are warned not to visit the sites and Google puts warnings in their search results.
I've run Google Safe Browsing against the top 1 million (based on number of visits) websites according to Alexa
of them are blacklisted by Google Safe Browsing. I've looked at the most popular to understand why they are considered malicious. Here is what I found for the most popular blacklisted sites:
|Rank ||Domain ||Threat ||Comment|
|18,784 ||financereports.co ||Scam ||Work from home scam|
|35,610 ||tryteens.com ||PDF malware ||Porn|
|47,016 ||creativebookmark.com ||Fake AV ||Hijacked |
|52,409 ||ffupdate.org ||Adware download || |
|78,202 ||totalpad.com ||Fake AV ||Hijacked |
|83,858 ||youngthroats.com ||Malicious IFRAME ||Porn|
, or a malicious IFRAME is generally the culprit. It is interesting to notice that Google decided to blacklist the infected site, rather than just blocking the external domain hosting the malicious content.
I have also checked to see which country the blacklisted domain is hosted in. Here is the breakdown:
Most of the blacklisted sites are hosted in the US. Western Europe (especially Germany, France and the Netherlands) is number two, followed by China (8%).
There is a government website in this list: mdjjj.gov.cn
extension. There is also a Flash exploit with a heap spray targeting Mac OS X, not unlike a Flash exploit we found on another Chinese site a few years ago
. Windows users with Internet Explorer 6 and 7 users get the old "iepeers.dll
" exploit (a different version for each browser).
No site is safe from hijacking. Personal websites and top-10,000 sites are all likely to be infected at some point.