Menlo Security Finds High Risk in Trusted Websites

Menlo Security logo[news release]  Stealth cybersecurity company, Menlo Security, today released its “State of the Web 2015: Vulnerability Report.” Based on a direct interrogation and analysis of the Alexa top one million sites, Menlo Security found that more than one in three of the top domains are risky – meaning the sites are either already compromised or running vulnerable software – increasing exposure to attack for anyone visiting those sites.

In 2014, businesses lost nearly $400 billion as a result of cyber crime. As attacks become increasingly sophisticated, even browsing trusted websites and clicking on links in emails have the potential to cause significant damage and compromise devices. With more than one billion websites on the Internet and over 100,000 websites created daily, the risk from vulnerable sites is multiplying.

In total, Menlo Security scanned more than 1.75 million URLs representing over 750,000 unique domains. Key findings include:

  • More than one in 20 sites (6 percent) were identified by third-party domain classification services as serving malware, spam or botnets.
  • Over one in five (21 percent) sites were running software with known vulnerabilities.
  • Sites in categories that are typically “trusted” – including Computers and Technology, Business, and Shopping – were the top three sources of vulnerable sites.
  • Of the 2.5 percent of sites that were “uncategorized,” a significant proportion (16 percent) was running vulnerable software.

“Respected and trusted websites like and have been used to deliver zero-day malware to unsuspecting visitors. These kinds of attacks are happening with increasing frequency because so many sites are running vulnerable software but are routinely classified as ‘safe,'” said Kowsik Guruswamy, CTO of Menlo Security. “The current generation of security tools is falling behind in the race to stop attacks. Today’s security challenges call for an entirely new approach to preventing malware from infecting user’s systems.”

To read Menlo Security’s State of the Web 2015: Vulnerability Report visit:

About Menlo Security

Menlo Security, a stealth cyber security startup, is eliminating the threat of advanced malware by introducing a new security model. The company’s solution is currently used by some of the world’s largest enterprises. Menlo Security was founded by experienced security executives from Check Point Software and Juniper Networks, in collaboration with renowned academics from the University of California, Berkeley. Backed by General Catalyst Partners and Osage University Partners, Menlo Security is headquartered in Menlo Park, California. Visit

This news release was sourced from: