Google finds malware on 1 in 10 Web sites

Study by the search giant exposes a new trend among malicious hackers.

In a paper (PDF) presented at last month's HotBots 2007 conference, researchers from Google say they've found malware downloads lurking on 1 out of every 10 Web sites visited. For this study Google analyzed 4.5 million URLs. The researchers determined that 450,000 of these contained some form of malicious code. The researchers identified four methods used to infect the unsuspecting Internet surfer. One is site-based, such as compromises in Web server security, but the others involve common user activity such as downloading user-contributed content, clicking Web advertising, and installing third-party widgets.

Attacking Web servers can be done with just an Internet browser. By appending carefully formed JavaScript onto vulnerable Web URLs, criminal hackers can inject malicious code onto the desktops of all future visitors to that site. Recent flaws in QuickTime and other media files allow attackers to use user-contributed content, such as video or music downloads, to spread bad code. Recently, Exploit Prevention Labs sounded the alarm about attackers using Google AdSense advertising to spread malware. Finally, widgets are yet another vector.

The research authors do not proscribe a solution, rather they conclude that the code used to infect innocent computers changes rapidly, making a survey such as theirs hard to complete. Recently, CNET reviewed several browser companions that analyze and rate Web site search results, protecting you before you click.

Featured Video
This content is rated TV-MA, and is for viewers 18 years or older. Are you of age?
Sorry, you are not old enough to view this content.

iPhone 6S chip controversy over battery life

Not all new iPhones have the same processor chip, but Apple says differences in performance are minimal. Apple also pulls ad-blocking apps over privacy concerns, and Netflix raises its price again.

by Bridget Carey