First published: 30th June 2007
Brian Krebs of Security Fix found that 33% of websites hosted on nine servers at web-hosting company IPOWER Inc served malware. Most of the sites appeared to belong to individuals and small businesses, and many had not been updated or viewed by their owners for months or years. Extrapolated to all of IPOWER's server, the company may be hosting nearly a quarter-million malicious Web sites, and the problem is unlikely to be limited to just one hosting provider.
The study followed a report by StopBadware.org, a joint effort by Google, Harvard Law School's Berkman Center for Internet & Society and Oxford University's Internet Institute, which identified more than 90,000 sites that attempt to install malicious software on visitors' computers via Internet browser security holes or programming tricks.
The situation is unlikely to improve until someone is forced to take responsibility. The hosting companies are competing to provide lowest-cost web hosting to small users. The fact that many of their servers are running old versions of server software with unpatched security flaws reflects the strong competition and their tight budgets. The website owners are looking for a cheap, easy way to get onto the web, and probably do not have the technical skills to recognise whether their hosting provider is secure, or if their site has been compromised. Criminals are only too happy to exploit this situation, and host their malware on otherwise innocent sites.