In a recent blog post, the Google Anti-Malware Team wrote that Microsoft IIS servers account for 49 percent of all Web sites hosting or distributing malicious code. This was based on an examination of approximately 70,000 domains that have either distributed or hosted malware during the previous month.
The result of 49 percent is interesting when you consider that only about 23 percent of all Web servers are running IIS. However, the Google team points out that this probably has little to do with inherent weaknesses in IIS and more to do with the level of software piracy and the failure — or inability — to patch IIS servers running illegal software.
The majority of malicious IIS-based Web servers are located in Asia, with more than 90 percent of Web servers in China and about 75 percent in South Korea suspected of hosting or distributing malware. The estimated installed base of IIS in those two countries is about 25 percent. When Asia is removed from the analysis, Apache becomes the most popular attack vector.
According to Nagendra Modadugu, a member of the Google team, the results of the analysis point to the importance of patching Web server software.