Menlo Security Finds Business Sites the Most Vulnerable to Attacks | eWeek

Hackers Exploit Old Software, Trusted Websites, Menlo Security Reports

1088_HackersExploitOld
Feb 9, 2018
2 minute read
eWeek content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More


Hackers Exploit Old Software, Trusted Websites, Menlo Security Reports

Hackers Exploit Old Software, Trusted Websites, Menlo Security Reports

Software often has a finite lifespan, with older applications no longer receiving security and bug fix updates. However, that doesn’t mean such applications are not still in use. According to the Menlo Security 2017 State of the Web report, Microsoft’s Internet Information Services (IIS) 7.5, which was released in 2009, is still widely used, exposing organizations to vulnerabilities and the risk of exploits. The 18-page Menlo Security report was released on Feb. 5, providing insight based on an analysis of the top 100,000 websites. The top category of known bad websites that are used to make attacks or deliver malware, according to Menlo Security, are adult and pornography-related sites. The most vulnerable sites, however, are those in the business and economy category. In this slide show, eWEEK looks at highlights from the Menlo Security 2017 State of the Web report.


Old Software Is Widely Used

Old Software Is Widely Used

Menlo Security found that old, vulnerable software continues to be widely used among the top internet websites. Among the worst offenders is Microsoft Internet Information Services (IIS) version 7.5, which was first released in 2009 and remains widely used.


Adult Sites Are Often Used to Deliver Malware

Adult Sites Are Often Used to Deliver Malware

While malware can come from any category of website, Menlo Security found that the worst category for known bad websites was adult and pornography.


Business Sites Are Often the Most Vulnerable

Business Sites Are Often the Most Vulnerable

While adult sites have the highest number of known bad sites that deliver malware, when it comes to the most vulnerable category of website, business and economy is at the top of the list.


Advertisement

Business Sites Are the Most Hacked

Business Sites Are the Most Hacked

Not surprisingly since business and economy sites were found to be the most vulnerable by Menlo Security, they were also the most attacked category of website as well.


Phishing From Safe Harbors

Phishing From Safe Harbors

Menlo Security found that 4,600 phishing sites it found were using legitimate hosting services to base their operations.


Typosquatters Take Aim at Trusted Categories

Typosquatters Take Aim at Trusted Categories

Typosquatting, the process of using a misspelled domain name to trick a user into clicking a link, remains an active form of attack. Menlo Security found that 19 percent of typosquatting domains were in trusted categories, including financial services.


Background Radiation Leads to Risk

Background Radiation Leads to Risk

Menlo Security found that most sites make background requests to other external sites to execute user requests. According to Menlo Security, every time a user visits a website, an average of 25 background requests for content are made.

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.