Based on an analysis of the Alexa top one million sites, Menlo Security found that more than one in three of the top domains are either already compromised or running vulnerable software.
In total, Menlo Security scanned more than 1.75 million URLs representing over 750,000 unique domains. Key findings include:
- More than one in 20 sites (6 percent) were identified by third-party domain classification services as serving malware, spam or botnets.
- Over one in five (21 percent) sites were running software with known vulnerabilities.
- Sites in categories that are typically “trusted” – including computers and technology, business, and shopping – were the top three sources of vulnerable sites.
- Of the 2.5 percent of sites that were “uncategorized,” a significant proportion (16 percent) was running vulnerable software.
Over one in ten sites are running a vulnerable version of the PHP application framework. Another eight percent are running vulnerable Web server software (Apache, 4 percent; IIS, 4 percent). Vulnerable content management systems are present on two percent of sites, split roughly equally between Drupal and WordPress.
The complete report is available here (registration required).