Google recently launched its Online Security Blog, where it has published new information on which server platforms host the most malicious software (malware), including drive-by downloads. The company examined some 70,000 domains that are known to deliver some form of malware, and according to the results, Microsoft IIS is the platform of choice.
The report “Web Server Software and Malware,” posted June 5, 2007, notes that “Microsoft IIS features twice as often (49% vs. 23%) as a malware distributing server. Amongst Microsoft IIS servers, the share of IIS 6.0 and IIS 5.0 remained the same at 80% and 20% respectively.”
Google qualifies those figures by adding that “It is important to note that while many servers serve malware as a result of a server compromise (by remote exploits, password theft via keyloggers, etc.), some servers are configured to serve up exploits by their administrators.”
Platforms of choice vary by country. For example, of those servers that are known to deliver malware, IIS dominates in China and South Korea, while Apache dominates in the United States, Russia, and Germany. Google speculates that the platform of choice in a given country might reflect how readily that software platform can be exploited there, possibly because of a lack of security patches or the use of pirated software on which the pirates might be reluctant to enable automatic updates.
The complete report is available on Google’s blog for public review and scrutiny.