In the 3rd quarter 2012, SWITCH-CERT has helped to clean 1260 malware distributing websites under the .ch and .li top level domains. This is more than twice than in the quarters before.
The dramatic rise of compromised websites in Q3 2012 is most likely due to a vulnerability in the popular Plesk server admin software, that allowed attackers to access the websites and enabled them to inject their invisible code. Exploit kits were commercially available on the internet.
More than 2’000 websites were reported to SWITCH-CERT in Q3. In 1’260 cases SWITCH-CERT could confirm the presence of malicious code threatening visitors. SWITCH routinely informs the owner and technical contacts for these domains and requests that the malicious code is removed within one working day. In 970 cases the website owners or hosters cleaned the website and removed the malicious code within this time frame. In the remaining 290 cases the domain name was temporarily removed from the DNS to protect internet users from getting infected with malware when visiting these sites. From these 290 domains, 187 where cleaned by the owner within 5 days after the blocking. 86 Domains have been cleaned after SWITCH issued a request for identification and 17 domains have been deleted, either because the owners didn’t answered the identification request, or deleted the domain themselves.
Despite the rising numbers of malicious websites, Switzerland is still the country with the lowest rate of infected PCs, according to the Phishing Activity Trends Report Q2 from the Anti Phishing Working Group (apwg).
To reduce the risk for a website to be misused by criminals to infect the visitors with malware SWITCH recomends to following measures:
- Use strong passwords for your FTP account and, if possible, use SFTP.
- Make sure that all the programs installed on your PC and server are always up-to-date.
- Check your PC regularly for malware and viruses.
Bluehost and stopbadware have created a movie that explains basics of protecting websites and visitors.