A few years ago most internet email providers began scanning attachments. The result has been a drastic reduction in the volume of malware distributed by email. Unfortunately, the malware guys have taken to hacking legitimate websites and using them for drive by downloads. There are lots of systems out there that have not been updated, lots of potential vulnerabilities from non Microsoft software (mostly media players) and probably some unpatched Microsoft exploits we have not heard about yet. I wonder if there is some way ISP's could detect these hacked sites. Various things come to mind: 1. Massive HTTP scanning. This would mainly help the large numbers (estimated at over 50%) of computers without updated AV's. 2. Behavioral analysis. Someone would have to invent this. 3. Blacklisting. This is already being used by Google. Some sites are being marked as unsafe. In some cases it is not possible to get to the site by clicking on the link. The address must be cut and pasted into the browser address bar. Perhaps this information could be shared with ISP's or organizations like Open DNS. The result is a bit like a hosts file. Not everyone is able to install a hosts file, and the big ones can slow down older computers. OK security geniuses, any other ideas?