securitywatch.pcmag.com — Malware authors don't generally host exploits on their own sites. It's too easy for antivirus companies to simply blacklist those sites. Instead, they inject exploit code into poorly-secured legitimate sites. Antivirus researchers detect these compromised sites using crawler programs that continuously navigate the Web seeking malicious code.