Tom, one of our resident virus experts, shared this article reviewing a report that Google produces.  The report summarizes the amount of websites that Google detected as compromised or actively distributing malware.  To quote the blog commentator, Daniel Cid, “What is really scary from their report is the amount of legitimate compromised sites hosting malware compared to sites developed by the bad guys for malicious purposes.”  Google identified 9x more legitimate websites as compromised than those websites that were intentionally designed to distribute malicious software.  And that may be a low number.

Websites are often neglected in terms of patching, security updates and the like.  In general, the owner of the website assumes that the web hosting provider is taking care of it; however, the web hosting provider’s responsibility typically stops at the web server itself, not necessarily the platform a particular website was built on.  WordPress, DotNetNuke, or Joomla are examples of a web site development platform.  If your website is built using one of these technologies, the onus may be on you, the customer, to ensure that the platform is updated and secured.  Why?  Because changing a website platform could have ramifications on add-ons, widgets, etc. that you use on your website.  The web hosting provider would be unaware of this and is not responsible for maintaining these add-ons as well.  In these cases, it’s your responsibility, not theirs, to update WordPress, DotNetNuke, Joomla and the like.  As with everything, we encourage you to make a backup of your website before embarking on updates of this kind. 

We encourage our clients to periodically check their own website to ensure that is has not been infected with malware.  Sucuri offers a free website malware scanner that you can use to do this.  Check it out here.