Which Websites Are Most Likely to Infect You with Malware?
Whatsapp Pinterest

You get warned all the time about being on the lookout for sites that might be harboring malware – but do you know where you’re most likely to get infected with a Trojan or virus? You might guess porn streaming sites, places to buy prescription meds, dark web pages, or Reddit, the cesspool of the Internet. But you’d be wrong.

Where Is Malware Hiding?

According to Cisco’s 2015 Annual Security Report, the top industries that pose a risk to you through their websites, depending on where you live, include aviation, media and publishing, agriculture and mining, food and beverage, insurance, automotive, and real estate and land management.

malware-sectors

Not the kinds of sites you expected, are they?

When you think about it, however, it makes perfect sense. They’re the kinds of sites that you visit all the time. Unless you suffer from a pornography addiction Pornography Addiction: The Hidden Struggle & How to Break Free [Feature] Pornography Addiction: The Hidden Struggle & How to Break Free [Feature] Anon22 discovered Internet porn when he was just 12 years old. For around 10 years, Anon22 has enjoyed pornography using his computer once or twice a day, a compulsion that he claims ruined his social... Read More , you’re probably not visiting shady porn streaming sites constantly. The same is likely true with illegal marketplaces on the Dark web, questionable movie and TV streaming sites, and torrents.

malware-sectors-world

When you look at the worldwide report, the industries are similar, but they also include pharmaceutical, chemical, and legal sites as well. Again, sites that get a lot of traffic.

Of course, just because these are the most dangerous sites doesn’t mean they’re the only places you can get infected. Even though they aren’t the prime vector, adult sites are definitely sources of malware 5 Ways Visiting Adult Websites Is Bad for Your Security & Privacy 5 Ways Visiting Adult Websites Is Bad for Your Security & Privacy While pornography is often discussed in the context of morality, there's a huge security-and-privacy angle that is often overlooked. If you know what to look out for, the safer you'll be. Read More ; downloading images from social networks and pirating TV shows can get you infected How Pirating Game of Thrones and Other Shows Can Give You Malware How Pirating Game of Thrones and Other Shows Can Give You Malware Thinking about pirating the latest series of Game of Thrones or The Walking Dead? There's a real risk of malware! Read More ; search engines have been a notable vector for a while; ads on any site can be compromised; and you could even download malware from an app in the Google Play store What Is Clipper Malware and How Does It Affect Android Users? What Is Clipper Malware and How Does It Affect Android Users? Using cryptocurrency on Android? It's not as safe as you think! Here's what you need to know about the Clipper malware. Read More . These sites are simply where malware distributors are focusing their attention at the moment.

Just How Risky are These Sites?

Cisco’s report quantifies just how dangerous these sites are by using a magnitude measurement, where 1 represents the average likelihood of exposure to malware. So visiting a site from a sector with a risk rating of 2 would make you twice as likely to be exposed to malware as the average site on the Internet.

spyeye-air-travel

As you can see, it’s surprisingly risky to visit some of these sites. Aviation in the US has a risk factor of 5, and media and publishing come in at 2.8. In Asia, the insurance sector has a worryingly high 6, while real estate and land management, automotive, and transportation and shipping sites are all over three times as likely to infect users with malware as other sites.

Worldwide, pharmaceutical and chemical sites show an alarming risk rating of 4.78, with media and publishing following with 3.89.

How Are Users Getting Infected?

As we’ve been saying for a long time, Flash is a big security risk. Cisco’s results confirm that, and also point out that JavaScript is being used to conceal malware hidden in Flash, making it harder to find and analyze.

flash-die

Attacks based on Java Disable Java on Mac OS X for a Secure System Disable Java on Mac OS X for a Secure System Macs are generally secure, but Java has been causing security problems for years. It's finally time to get rid of Java on your Mac; here's how. Read More , which held a strong lead as the most widely used attack vector, have gone down significantly, and Silverlight attacks are on the rise. PDF files continue to be used How to Spot Unsafe Email Attachments: 6 Red Flags How to Spot Unsafe Email Attachments: 6 Red Flags Reading an email should be safe, but attachments can be harmful. Look for these red flags to spot unsafe email attachments. Read More to distribute malware, too, indicating that email-based phishing is still effective.

Scripts and iFrames are common methods of distribution across the world, with exploits and scams playing significant roles as well (especially in Asia, where scams are ranked first).

email-scam-outbreaks

Another factor that’s become more significant in recent years is malvertising from browser add-ons What Is Malvertising and How Can You Prevent It? What Is Malvertising and How Can You Prevent It? Malvertising is on the rise! Learn more about what is it, why it's dangerous, and how can you stay safe from this online threat. Read More , which are often bundled with other software. It looks like being careful about which extensions you use is becoming increasingly important. Stop downloading free software from crappy sites, and you’ll be in much better shape.

How to Stay Safe

All of this information points to one inescapable conclusion: hackers, cybercriminals, and malware distributors are smart about what they’re doing. They’re targeting the sites we visit often, they’re finding ways to better conceal malware, and they’re updating the strategies that work so they continue being effective. So you need to be one step ahead.

avira-quick-scan

Fortunately, being one step ahead is really easy. In fact, we tell you how to do it all the time. Download a good anti-virus package. Make sure it gets updated automatically. Update your operating system as soon as you can. Keep your browsers updated. Don’t install add-ons or apps if you don’t know exactly what they do. Review your apps and add-ons on a regular basis to make sure there’s nothing new that you didn’t put there (it really only takes a moment).

And now, you can keep these facts in mind when you’re visiting aviation, pharmaceutical, insurance, and other sites that are common targets. While there isn’t necessarily anything you should be doing differently on those sites, it’s good to know where you might be a target so you can be extra vigilant and on the lookout for anything suspicious.

Remember, malware, ransomware, and the like can lurk anywhere. Take a look at how it can be hidden in a botnet and what you can do to protect yourself. You’ll also want to learn about DNS cache poisoning and how to avoid it What Is DNS Cache Poisoning? How DNS Spoofing Can Hijack You What Is DNS Cache Poisoning? How DNS Spoofing Can Hijack You Your router, PC, and even your ISP's servers can be subverted by DNS cache poisoning (or spoofing). Here's how to avoid that. Read More .

Image credits: Cisco, Security Intelligence.

Explore more about: Adobe Flash, Browser Extensions, Malware, Online Security, PDF.

Enjoyed this article? Stay informed by joining our newsletter!

Enter your Email

Leave a Reply

Your email address will not be published. Required fields are marked *

  1. Rich
    March 9, 2016 at 3:27 am

    What's a good antivirus or anti-malware program for Macs?

  2. fred
    January 19, 2016 at 3:13 am

    AdBlock Plus and NoScript in Firefox :-) Works well for me. Avast gives me warnings on the worst of the pages too... I block ALL ads and am careful with NoScript regarding what Javascript I allow. Firefox defaults to block embedded Flash anyway nowadays.

    • Dex
      January 19, 2016 at 11:34 am

      Man, this is exactly what I do. NoScript is like firewall in a browser. Thumb up!

    • Dann Albright
      January 23, 2016 at 7:02 pm

      Yeah, that's definitely one malware-blocking strategy. It's especially good for malvertising, though it won't protect you from absolutely everything. Still helps to be aware of when you're at a site that's statistically more likely to infect you!

      • fred
        January 23, 2016 at 7:43 pm

        well, Dann, nothing short of cutting the network cord is absolutely effective (short of DeepFreeze, it's a great program) hehe.. so it's mainly about reducing risk.. and being extremely careful where you go and what you do.

  3. Anonymous
    January 19, 2016 at 2:27 am

    The sentence "Download a good anti-virus package" has a link which refers to a nearly 6 year old page! Much has changed since 2010.

    Surely MUO could provide a more up to date list of suitable anti-virus?

    • Dann Albright
      January 23, 2016 at 7:01 pm

      Oops! Thanks for pointing that out. Will look into it.

  4. Anonymous
    January 18, 2016 at 7:13 pm

    How to stay safe from drive-by malware infections? Treat all third-party advertising services as hostile. Block them. Do not make exceptions.
    Stopping ads from loading data fixes 99% of the potential for problems.

    • Dann Albright
      January 23, 2016 at 7:01 pm

      Yep, that's definitely one strategy to use. Not everyone is comfortable doing that, but if you are, it definitely helps.

      • fred
        January 23, 2016 at 7:44 pm

        Well, since malvertising has become a new attack vector, it is crucial...