March 2023. The ‘Warnings displayed per week’ and ‘Website owner response time (in days)’ charts are currently only showing data up to December 2022. We are working to restore the data feed.
February 2021: Data charts for Unsafe websites detected per week and How we identify malware stopped being updated and were archived.
Unsafe websites detected per week
Number of sites deemed dangerous by Safe Browsing
Sites hosting malware detected per week
Users who see malware warnings per week
2 June 2013. A campaign targeting vulnerabilities in Java and Acrobat Reader infects more than 7,500 sites. As a result, more than 28.6 million Safe Browsing API users receive malware warnings during this week. (Update: an earlier version of this report erroneously indicated that 75 million users received malware warnings).
April 2013. Cybercriminals using Red Kit infect enough sites to increase the number of users who receive malware warnings by 32 million.
July 2012. A large campaign infects more than 106,000 unique sites in July, directing people to sites launching the Blackhole exploit kit. More than 90 million users receive malware warnings as a result.
September 2011. Safe Browsing's client-side phishing detection algorithm launches in Google Chrome, which doubles the number of phishing warnings that users receive each week.
Malware warnings on Google Search
28 April 2013. An error prevents malware warning labels from appearing on Google Web Search results (Image Search is unaffected) and decreases the number of labels displayed directly on the results page. However, users continue to see a warning page if they click on a link to an unsafe site, and the number of warning page views during this time increases by 31%.
September 2012. The same Blackhole campaign that caused more than 90 million browser users to receive malware warnings also generated more than 330 million warnings in Google Search.
Unsafe websites detected per week
September 2012. One of the third-party phishing feeds that provides Safe Browsing with data is temporarily removed because of concerns with too many false positives. Phishing protection in Safe Browsing obtains some of its data from third-party feeds. However, these feeds must meet stringent standards to ensure very low false positive rates.
July 2012. More than 90,000 sites compromised with malware are identified. A large majority of these sites redirected users to the Blackhole exploit kit. Users receive more than 90 million browser warnings and 330 million search warnings per week as a result.
May 2009. The previous campaign that originally launched attacks from gumblar.cn/ starts directing users to martuz.cn/, which infects more than 42,000 sites. In total, Safe Browsing identifies more than 100,000 infected hosts during this week.
April 2009. Safe Browsing identifies malware campaigns that infected more than 62,000 sites, redirecting users to the attack site gumblar.cn/.
Sites hosting malware detected per week
November 2012. Attack sites had been using a technique called 'domain rotation' to quickly move their malware distribution networks. Safe Browsing’s algorithms automatically identify these domains and detect more than 6,000 attack sites per week.
Webmaster response time
March 2013. Safe Browsing scanners identified malware on subdomains of a significant number of hosting providers. We flagged the hosting providers for malware instead of the infected subdomains by mistake because it is difficult to determine which domains were maintained by each hosting provider. We rectified the error within a day and removed the erroneously classified sites from the malware list. Our resolution of this error reduced the median amount of time that sites spent on the malware list.
January 2012. The median duration of time spent on Safe Browsing’s list of compromised sites begins rising from 20 days to 30 days. While the precise cause is unclear, an increasing number of advanced exploit kits is believed to be making it harder for webmasters to identify and remove malware.
February 2008. Safe Browsing starts to automatically rescan sites to determine if they should still remain on the list of compromised sites, which reduces the median duration of time spent on the list from 90 days to approximately 15–20 days.
Number of sites on the Safe Browsing lists
August 2012. A campaign leveraging the Blackhole exploit kit compromises over 100,000 sites. Safe Browsing's list of compromised sites rises to 350,000.
January 2012. Safe Browsing begins automatically removing attack sites that had been identified as inactive from the list of malware sites, initially getting rid of more than 130,000 stale domains.
August 2009. The Gumblar and Martuz malware campaigns infect more than 330,000 sites, which are added to Safe Browsing's list of compromised sites.
May 2008. Safe Browsing starts automatically rescanning malware sites that were previously determined to be unsafe to see if they are still compromised. Initially, 115,000 sites are identified as no longer unsafe, which reduces the malware list from more than 225,000 sites to 110,000 sites.
January 2008. Safe Browsing enables 'domain compression' on the phishing list to consolidate a number of distinct hosts on a unique domain to that single domain, which reduces the size of the phishing list from 206,000 sites to 13,000 sites.
Website reinfection rate
May 2012. The reinfection rate for sites that have been compromised rises dramatically due to the periodic rescanning of infected sites. Previously, these sites were not removed from Safe Browsing’s list and therefore could not be reinstated.
November 2009. The general increase in reinfection rate begins to decline as a result of Google's effort to launch the Malware details feature in Google Webmaster Tools, which describes the precise infection that Safe Browsing scanners identify. On 12 March 2013 we launch Webmasters help for hacked sites.
Where malware originates
April 2020: We stopped updating the Malware charts and archived the Safe Browsing malware page.