New study says 46% of websites are running vulnerable software, are known phishing sites, or had a security breach in the past 12 months.
News and media sites were most likely to be risky, at 50 percent, followed by entertainment sites at 49 percent, and travel sites at 42 percent.
The largest source of risk was vulnerable software, the Menlo study found. About 36 percent of all websites were either running vulnerable software, or getting content from other locations running vulnerable software. The next biggest risk factor was if a website was known to be malicious, or pulled content from a malicious domain. About 17 percent of the top million Alexa websites fell into this category.
For example, the single largest category of known-bad sites was pornography, the study said, with nearly 38,000 websites known to deliver phishing or other attacks. But pornography ranked far down the list when it comes to vulnerable software—the business and economy category actually had the most sites with known vulnerabilities, at more than 82,000, followed by society, personal sites and blogs, shopping, news and media.
Finally, 3 percent of sites had experienced a recent security incident, the study found. According to the study, enterprises that host websites should also step up and do more to protect their visitors, including making sure that all their software is up to date and that the sites they embed content from are also current.
For example, nearly 70,000 of the top million websites run the vulnerable nginx 1.8.0 server software. The next most dangerous software is Microsoft's IIS 7.6 web server, which dates back to 2009. 2010's PHP 5.3.29 is in third place, with nearly 32,000 websites.