In a recent blog post, the Google Anti-Malware Team wrote that Microsoft IIS servers account for 49 percent of all Web sites hosting or distributing malicious code. This was based on an examination of approximately 70,000 domains that have either distributed or hosted malware during the previous month.
The result of 49 percent is interesting when you consider that only about 23 percent of all Web servers are running IIS. However, the Google team points out that this probably has little to do with inherent weaknesses in IIS and more to do with the level of software piracy and the failure — or inability — to patch IIS servers running illegal software.
The majority of malicious IIS-based Web servers are located in Asia, with more than 90 percent of Web servers in China and about 75 percent in South Korea suspected of hosting or distributing malware. The estimated installed base of IIS in those two countries is about 25 percent. When Asia is removed from the analysis, Apache becomes the most popular attack vector.
According to Nagendra Modadugu, a member of the Google team, the results of the analysis point to the importance of patching Web server software.
Tom is a security researcher for the InfoSec Institute and an IT professional with over 30 years of experience. He has written three books, Just Enough Security, Microsoft Virtualization, and Enterprise Security: A Practitioner's Guide (to be published in Q1/2013). Before joining the private sector, he served 10 years in the United States Army Military Police with four years as a military police investigator. He has an MBA and CISSP certification. He is also an online instructor for the University of Phoenix.