un-excogitate.org
what was I thinking? (Christian Frichot’s ad-lib on security and what-not)

The Google Security Blog has an interesting article on research they've been performing that compares the web server software in use across the internet with the software running on web servers that distribute malware. The statistic I liked the most, of course, was that while Apache accounted for approximately 66% of web servers on the internet (IIS at 23%), IIS accounted for 49% of the web servers hosting malware.

The article offers up some suggestions for why this may be the case:

We suspect that the causes for IIS featuring more prominently in these countries (China and South Korea) could be due to a combination of factors: first, automatic updates have not been enabled due to software piracy, and second, some security patches are not available for pirated copies of Microsoft operating systems.

It seems like a downward spiral, where pirated software in turn leads to end-user exploitation. Whether or not Microsoft, for the greater good, should allow their patches to be applied to pirated software, I’m unsure. It’s a balancing act, I guess; until some critical mass of end users gets owned by these servers, it’s probably not worth them changing their policy.

