Google and university researchers say the tech giant found some 760,935 compromised websites across the web during a year-long research effort.
Google's Eric Kuan; Yuan Niu; Lucas Ballard; Kurt Thomas, and Elie Bursztein joined the University of California, Berkely's Frank Li, Grant Ho, and Vern Paxson in writing Remedying Web Hijacking: Notification Effectiveness and Webmaster Comprehension [PDF]
In it the team says the Choc Factory usually emails the admins of hacked sites operating its Search Console. It finds up to three quarters of admins will expunge malware when emailed, while about half act when their sites are painted with browser and search warnings.
Most admins were quicker to patch and purge when tipped off by Google to the malware menace, with about 12 per cent falling flat and being compromised again within 30 days.
The figures are pulled from a pool of 760,935 breaches Google detected in the 12 months to June 2015.
"Our results indicate that browser interstitials, search warnings, and direct communication with webmasters all play a crucial role in alerting webmasters to compromise and spurring action," the academics say.
"… we found Safe Browsing interstitials, paired with search warnings and WHOIS emails, resulted in 54.6 percent of sites cleaning up, compared to 43.4 percent of sites flagged with a search warning alone.
"Above all, direct contact with webmasters increased the likelihood of remediation to over 75 percent".
The tech giant now shares URLs linked to social engineering, unwanted and malicious software, to help admins understand the threats they face.
It monitors some 22,000 autonomous systems or about 40 percent of total active networks, and provides some 250 reports each day to some 1300 administrators. The Alphabet subsidiary's done so since 2011. ®