Symantec report does not say Religious websites most prone to hackers

This is the type of headline I’m seeing across the Interweb at the moment:

Religious websites most prone to hackers

This is supposedly based on a new report released by Internet security company Symantec and is bunkum.

The report actually states that by category the top infected websites are:

1. Blogs & Web communications

2. Hosting/Personal hosted sites

3. Business/Economy

4. Shopping

5. Education & Reference

6. Technology Computer & Internet

7. Entertainment & Music

8. Automotive

9. Health & Medicine

10. Pornography

The report then notes:

Moreover, religious and ideological sites were found to have triple the average number of threats per infected site than adult/pornographic sites. We hypothesize that this is because pornographic website owners already make money from the internet and, as a result, have a vested interest in keeping their sites malware-free – it’s not good for repeat business.

A couple of quick points.

The reports refers to “religious and ideological”, not just religious.

It is plainly obvious that religious and ideological websites are more likely to take the form of “Blogs & Web communications” which is the most infected category.

The information we are provided is that religious and ideological sites have three times the infection rate of the lowest category pornography, which really doesn’t tell us much at all.

So please do ignore the rather alarmist headlines, but if you are hosting a blog or website, ensure that you back-up regularly.

Tags:

2 Responses to “Symantec report does not say Religious websites most prone to hackers”

  1. Tim Says:

    I wasn’t paying attention so when I clicked on your link I had assumed, seeing the list of websites, that it was a list of worthwhile sites to visit. Imagine my surprise when I saw ’10. Pornography’ ?

  2. Jose Gomez Says:

    Actually, the real issue here is that many websites are using CMS platforms that have vulnerabilities. Specifically, the majority of websites that are referenced here suffer from SQL injection vulnerabilities, allowing hackers to inject malicious code right into the page database itself. So, when you visit a page, the code executes and about 20-25 different exploits simultaneously launch in invisible iFrames. We’ve been tracking this type of activity for years and see over 20,000 attacks a day, mostly from automatic bots that search for dynamic websites with possible vulnerabilities. PHP and .NET websites are targeted aggressively. But, there are millions of websites that have been hacked by this process. Churches are by far the only targets. They are just unsuspecting ones.

Switch to our mobile site