• Analyzing the Google Blacklist, Part 2

    Building on our first article in the series, we continue to analyze the Google Safe Browsing List. In this part, we present more detailed statistics about the hashes seen on the blacklist and try to provide insight into what we observe.

    Motivation
    Understanding the behavior of infected websites is very important. This provides security researchers with strategies to help deal a blow to the bad guys and at the same time, provide website owners and administrators an idea of the current state of website security.

    Since the publication of our last article in this series, we have received good feedback from our colleagues in security. We will attempt to incorporate their comments and concerns in this part of the series.

    Methodology
    We discussed the aim of this experiment and methodology in the last part of this series. We won’t repeat them here, but we encourage you to take a look at our first article in this series if you haven’t already read it!

    Analysis
    Below we present some graphs which provide more information about the analysis.

    • Websites have a high probability of getting hacked on a Wednesday!
    Websites have a high probability of getting hacked on a Wednesday!

    Websites have a high probability of getting hacked on a Wednesday!

    • Websites have a high probability of getting hacked between 7-8 PM PDT.
    Websites have a high probability of getting hacked between 7-8 PM PDT.

    Websites have a high probability of getting hacked between 7-8 PM PDT.

    • On Monday websites get hacked most between 11 AM to 12 Noon, PDT
    • On Tuesday websites get hacked most between 9 AM to 10 AM, PDT
    • On Wednesday websites get hacked most between 7 PM to 8 PM, PDT
    • On Thursday websites get hacked most between 10 PM to 11 PM, PDT
    • On Friday websites get hacked most between 11 AM to 12 Noon, PDT
    • On Saturday websites get hacked most between 1 PM to 2 PM, PDT
    • On Sunday websites get hacked most between 11 AM to 12 Noon, PDT

    Note: Most hashes which stay on the blacklist (over the 113 day period) seem to get added to the blacklist on Wednesday.

    Conclusions
    We have presented more interesting statistics regarding the appearance of website hashes on the Google Safe Browsing List. These statistics provide information which website administrators and owners can use better arm themselves with against attackers. We will continue analyzing the dataset to provide more interesting information. If you have any questions please add a comment.

    At stopthehacker.com, we work hard to help you combat malicious hackers. If you would like to work with us, please drop us an email. You can also visit our services page to find out how we can help you, in fact you can even sign up for free services!

    Till next time…