
Web Server Software

We begin by examining (where possible) the software running on the web servers for all the landing sites that lead to the malware distribution sites. Specifically, we collected all the "Server" and "X-Powered-By" header tokens from each landing page (see Table 3). Not surprisingly, of those servers that reported this information, a significant fraction were running outdated versions of software with well-known vulnerabilities. (We consider a version as outdated if it is older than the latest corresponding version released by January 2007, the start date for our data collection.) For example, 38.1% of the Apache servers and 39.9% of servers with PHP scripting support reported a version with security vulnerabilities. Overall, these results reflect the weak security practices applied by the web site administrators. Clearly, running unpatched software with known vulnerabilities increases the risk of content control via server exploitation.

Table 3: Server version for landing sites. In the case of Microsoft IIS, we could not verify their version.
Srv. Software    Count     Unknown   Up-to-date   Old
Apache           55,088    26.5%     35.5%        38%
Microsoft IIS    113,905   n/a       n/a          n/a
Unknown          12,706    n/a       n/a          n/a
PHP              27,873    8.5%      51.6%        39.9%
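
The classification behind Table 3, sketched as an added example (not code from the paper): it parses "Server" and "X-Powered-By" tokens and buckets each Apache or PHP version as Unknown, Up-to-date or Old. The baseline versions, the per-branch comparison, the function names and the sample headers are assumptions made for this example.

```python
import re
from collections import Counter
# Illustrative baseline (an assumption, not the paper's data): newest release
# per major.minor branch as of the cutoff date. Substitute your own list.
BASELINE = {
    "apache": {(1, 3): (1, 3, 37), (2, 0): (2, 0, 59), (2, 2): (2, 2, 4)},
    "php": {(4, 4): (4, 4, 4), (5, 2): (5, 2, 0)},
}

def parse_tokens(value):
    """Split a header value into (product, version) pairs, skipping (comments)."""
    tokens = []
    for part in re.sub(r"\([^)]*\)", " ", value).split():
        name, _, ver = part.partition("/")
        m = re.match(r"\d+(?:\.\d+)*", ver)  # ignore suffixes like "-8+etch1"
        version = tuple(int(x) for x in m.group().split(".")) if m else None
        tokens.append((name.lower(), version))
    return tokens

def classify(version, branches):
    """Return 'Unknown', 'Up-to-date' or 'Old' for one product version."""
    if version is None or len(version) < 3:
        return "Unknown"  # banner trimmed (e.g. "Apache" or "Apache/2.0")
    latest = branches.get(version[:2])
    if latest is None:  # branch absent from baseline: old unless newer than all
        return "Up-to-date" if version[:2] > max(branches) else "Old"
    return "Up-to-date" if version >= latest else "Old"

def tally(responses, baseline=BASELINE):
    """Count version status per product over a list of header dicts."""
    counts = {product: Counter() for product in baseline}
    for headers in responses:
        headers = {k.lower(): v for k, v in headers.items()}  # case-insensitive
        seen = {}
        for field in ("server", "x-powered-by"):
            for name, ver in parse_tokens(headers.get(field, "")):
                if name in baseline and seen.get(name) is None:
                    seen[name] = ver
        for name, ver in seen.items():
            counts[name][classify(ver, baseline[name])] += 1
    return counts
# Constructed sample responses, one dict of headers per landing page.
SAMPLE = [
    {"Server": "Apache/2.0.52 (CentOS)", "X-Powered-By": "PHP/4.3.9"},
    {"Server": "Apache/2.2.4 (Unix) PHP/5.2.0"},
    {"Server": "Apache"},
    {"server": "Microsoft-IIS/6.0", "x-powered-by": "ASP.NET"},
    {"Server": "Apache/1.3.37 (Unix) mod_ssl/2.8.28 OpenSSL/0.9.7a PHP/4.4.4"},
]
```

Banner-based counts are an approximation: distributions often backport security fixes without changing the upstream version string, and administrators can trim or alter these headers.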

Niels Provos 2008-05-13