In the past month, I've been looking at the websites blocked by Google Safe Browsing from the Alexa top 1,000,000 sites. There are between 300 and 500 of these sites blocked everyday, mostly legitimate websites that have been compromised.
I was interested in the geographical distribution of these sites. Here are the number of blocked (malicious and hijacked) sites per country (based on the website IP address), in absolute numbers. Note that to make the map useful, I decreased the number of blocked sites hosted in the US from 146 to 42 on the map because it was over 4 times that of the #2 (China).
 |
| Country hosting popular websites blocked by Google Safe Browsing |
As shown before, the US is hosting the biggest number of blocked sites (146), followed by China (45), followed by Germany (32) and Russia (26).
It is not surprising to see the US be #1 since they host more popular sites in general. Germany is also a popular hosting country, with lower prices than its neighbors. So I decided to show the map of blocked sites in relative numbers: number of blocked sites / number of sites hosted:
 |
| Country hosting popular websites blocked by Google Safe Browsing in relative numbers |
The distribution is pretty even amongst countries with a big Internet user population. The reason why a few small countries (Sri Lanka, Venezuela, Georgia, etc.) stand out is that they host very few sites (small sample size), so having just one or two sites blocked increase their percentage a lot.
Most of these blocked websites are legitimate sites hijacked as part of massive attacks spanning thousand of websites. Attackers constantly scan websites for known vulnerabilities, and they can be highly successful by finding vulnerabilities on popular websites. Blocked Chinese sites host malicious content that is very different from what I've seen in other countries (see examples in the last paragraph of this post).
Do not think your personal website is safe because is has too little web traffic to attract attackers. Scans and attacks are done automatically, targets are compromised with very little resources. No website is too small to be left uncompromised.
