I’ve been a malware fighter for more than 20 years. I consider myself fairly up-to-date on the subject of malicious mobile
code, malware, hackers, and exploitation vectors in general.
So it was with surprise then that I read another of Google’s recent studies purporting that IIS Web servers were twice as likely to contain malware as Apache Web servers (although Apache and IIS Web servers contained malicious Web sites in equal numbers).
This astounded me for several reasons. First, my personal experience tells me it isn’t so. I run multiple IIS and Apache Web
servers on my honeynet, and my Apache Web servers get 89 percent more hacking traffic than my IIS servers. Most of the traffic is PHP/CGI/MySQL
based. This is not unexpected, as the Internet contains at least twice as many Apache Web servers, and popularity draws malicious
hacking