Google finds malware on 1 in 10 Web sites

Study by the search giant exposes a new trend among malicious hackers.

In a paper (PDF) presented at last month's HotBots 2007 conference, researchers from Google say they've found malware downloads lurking on 1 out of every 10 Web sites visited. For this study Google analyzed 4.5 million URLs. The researchers determined that 450,000 of these contained some form of malicious code. The researchers identified four methods used to infect the unsuspecting Internet surfer. One is site-based, such as compromises in Web server security, but the others involve common user activity such as downloading user-contributed content, clicking Web advertising, and installing third-party widgets.

Attacking Web servers can be done with just an Internet browser. By appending carefully formed JavaScript onto vulnerable Web URLs, criminal hackers can inject malicious code onto the desktops of all future visitors to that site. Recent flaws in QuickTime and other media files allow attackers to use user-contributed content, such as video or music downloads, to spread bad code. Recently, Exploit Prevention Labs sounded the alarm about attackers using Google AdSense advertising to spread malware. Finally, widgets are yet another vector.

The research authors do not proscribe a solution, rather they conclude that the code used to infect innocent computers changes rapidly, making a survey such as theirs hard to complete. Recently, CNET reviewed several browser companions that analyze and rate Web site search results, protecting you before you click.

Featured Video
This content is rated TV-MA, and is for viewers 18 years or older. Are you of age?
Sorry, you are not old enough to view this content.

Microsoft leaves Apple in the dust with tablet and laptop innovation in 2015

Will there be one Apple Ring to rule them all? That's what a patent application says. Plus, building the thinnest gadget isn't innovation anymore and Apple just got a reality check from Microsoft.

by Brian Tong