
    In trying to gauge the impact of the Heartbleed vulnerability, we scanned the Top Level Domain (TLD) names of certain countries, extracted from the top 1,000,000 domains by Alexa. We then separated out the sites which use SSL and further categorized those as “vulnerable” or “safe.” The data we were able to gather revealed some interesting findings.

    At the moment, we see an overall percentage of around 5% of sites affected by CVE-2014-0160. The TLDs with the largest percentage of vulnerable sites are .KR and .JP. It’s interesting to note that sites from the .GOV TLD rank fifth on the list.

    Figure 1. A breakdown of vulnerable sites per country

    On the other hand, we see a significantly low number of vulnerable sites under the .FR and .IN TLDs. We can think of a few theories why this is so. Maybe they haven’t updated to the version of OpenSSL which was vulnerable. They could also have immediately patched vulnerable sites. Another possible reason is that in these countries, relatively few servers use the most recent versions of Linux (and so use older versions of OpenSSL without this vulnerability).

    We are going to rescan selected TLDs in a few days to monitor possible changes. In the meantime, we advise website administrators to update OpenSSL to protect their users.
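For administrators acting on that advice, the sketch below is an added example (not Trend Micro's scanner or code from the original post) that classifies `openssl version` strings from a server inventory as “vulnerable” or “safe” and computes a per-TLD percentage in the same spirit as the breakdown above. The function names, the inventory format and the sample hosts (on the reserved .example and .test names) are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Upstream OpenSSL releases affected by CVE-2014-0160: 1.0.1 through 1.0.1f and
# 1.0.2-beta1. 1.0.1g and later, and the 0.9.8 / 1.0.0 branches, are not affected.
_VERSION = re.compile(r"OpenSSL\s+(\d+\.\d+\.\d+)([a-z]*)(-beta\d+)?", re.I)

def heartbleed_status(banner):
    """Classify an `openssl version` style string: 'vulnerable', 'safe' or 'unknown'."""
    m = _VERSION.search(banner)
    if not m:
        return "unknown"  # not an OpenSSL banner, or unparseable
    base, letter, beta = m.group(1), m.group(2).lower(), (m.group(3) or "").lower()
    if base == "1.0.1":
        # "" is 1.0.1 itself (pre-release builds are treated as affected, a conservative assumption)
        return "vulnerable" if letter in {"", "a", "b", "c", "d", "e", "f"} else "safe"
    if base == "1.0.2" and beta == "-beta1":
        return "vulnerable"
    return "safe"

def vulnerable_share_by_tld(inventory):
    """inventory: iterable of (hostname, banner). Returns {TLD: % vulnerable of classified hosts}."""
    counts = defaultdict(lambda: [0, 0])  # TLD -> [vulnerable, classified]
    for host, banner in inventory:
        status = heartbleed_status(banner)
        if status == "unknown":
            continue  # leave unclassifiable hosts out of the percentage
        tld = "." + host.rsplit(".", 1)[-1].upper()
        counts[tld][1] += 1
        counts[tld][0] += status == "vulnerable"
    return {tld: round(100.0 * v / n, 1) for tld, (v, n) in counts.items()}

# Constructed sample inventory for illustration; not real scan data.
SAMPLE = [
    ("web01.corp.example", "OpenSSL 1.0.1e-fips 11 Feb 2013"),
    ("web02.corp.example", "OpenSSL 1.0.1g 7 Apr 2014"),
    ("web03.corp.example", "OpenSSL 0.9.8y 5 Feb 2013"),
    ("web04.corp.example", "OpenSSL 1.0.1 14 Mar 2012"),
    ("mail.lab.test", "OpenSSL 1.0.2-beta1 24 Feb 2014"),
    ("vpn.lab.test", "LibreSSL 2.0.0"),
]

if __name__ == "__main__":
    print(vulnerable_share_by_tld(SAMPLE))
```

A version string is only a first pass: distribution packages that backport the fix keep the upstream version letter, so a “vulnerable” result should be confirmed against the vendor's package changelog.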

    Update as of April 10, 2014, 10:18 A.M. PDT: The title has been edited for clarity. 


    • Mirza Atif

      Well, this article is very informative and has good research in it, but the question is how much time is left to recover from this bug. In my point of view this is a threat… what do you say?

    • Helen Counihan

      When I came to my PC this morning, there was a huge HEARTBLEED notice on desktop, saying I should download something NOW. I did not, particularly because there was no notification as to where this came from. Was it from Trend or perhaps even Paretologic? I was inclined to believe that had I downloaded that app, my PC would DEFINITELY have had Heartbleed by the end of it. Has anyone else had this?

    • mtdavid123

      How can one tell or is there a way to tell if a site/app is one of the vulnerable ones unless they tell us?

