Security experts from Sucuri, a company that provides security products for websites, say they found hidden backdoor scripts on 68 percent of all the hacked websites they were called on to investigate.
That’s about two in every three compromised websites, which makes sense if you think about it. The purpose of a backdoor script is to provide a crook with a secret entry point into a website, which they can use later if the site owner changes the admin password or improperly applies patches and security fixes without cleaning the entire site.
From a sample of 11,485 sites it analyzed in itsfor Q1 2016, Sucuri says that it found backdoors on 4,900 of them.
Backdoors were the most prevalent issue found on infected websites, followed by malware (browser-side code used to create drive-by downloads), which they discovered on 60 percent of the infected websites.
Third on their list was SEO spam, which they found on one in three compromised websites, 32 percent to be more exact. SEO spam is usually found in the form of secret content that’s embedded on a page, hidden to the human eye, but visible for search engine metacrawlers.
Drive-by download malware and SEO spam were also popular
SEO spam helps crooks boost the search ranking for their own websites but penalizes and downgrades an infected website’s search engine visibility.
Crooks usually leave SEO spam inside a website’s source code, in its database, or leverage .htaccess redirections. In most cases, SEO spam is for pharmaceutical products, but also for adult and online gaming services.
While backdoor scripts decreased from last year, and SEO spam saw a small rise, malware infections saw the biggest growth in the last few years, jumping from being found on 41 percent of hacked websites in 2014, to 60 percent today. For comparison, backdoor script presence jumped from 59 percent in 2014 to 73 percent in 2015 and is now at 68 percent, while SEO spam grew from 20 percent to 28 percent, and is at 32 percent now, in 2016.
Today, we’ve also covered another facet of the Sucuri Website Hacked Report dealing with.