Google finds malware on 1 in 10 Web sites

Study by the search giant exposes a new trend among malicious hackers.

In a paper (PDF) presented at last month's HotBots 2007 conference, researchers from Google say they've found malware downloads lurking on 1 out of every 10 Web sites visited. For this study Google analyzed 4.5 million URLs. The researchers determined that 450,000 of these contained some form of malicious code. The researchers identified four methods used to infect the unsuspecting Internet surfer. One is site-based, such as compromises in Web server security, but the others involve common user activity such as downloading user-contributed content, clicking Web advertising, and installing third-party widgets.

Attacking Web servers can be done with just an Internet browser. By appending carefully formed JavaScript onto vulnerable Web URLs, criminal hackers can inject malicious code onto the desktops of all future visitors to that site. Recent flaws in QuickTime and other media files allow attackers to use user-contributed content, such as video or music downloads, to spread bad code. Recently, Exploit Prevention Labs sounded the alarm about attackers using Google AdSense advertising to spread malware. Finally, widgets are yet another vector.

The research authors do not proscribe a solution, rather they conclude that the code used to infect innocent computers changes rapidly, making a survey such as theirs hard to complete. Recently, CNET reviewed several browser companions that analyze and rate Web site search results, protecting you before you click.

 

ARTICLE DISCUSSION

Conversation powered by Livefyre

Don't Miss
Hot Products
Trending on CNET

Hot on CNET

CNET's giving away a 3D printer

Enter for a chance to win* the MakerBot Replicator 3D Printer and all the supplies you need to get started.