View Full Version : One in 10 web pages laced with malware - Google

2007-05-12, 11:07

- http://www.theregister.com/2007/05/11/google_malware_map/
11 May 2007 ~ "At least one in 10 web pages are booby-trapped with malware, according to Google. A five-strong Google research team found that 450,000 pages, out of a sample of 4.5 million pages, contained scripts to install malicious code, such as Trojans and spyware on vulnerable PCs, the BBC reports*. This is a conservative estimate - another 700,000 pages given the once-over were thought to be suspicious by Google. Google's Ghost in the Browser study (PDF**) covers the well-understood problem of drive-by-downloads from compromised sites, which are eclipsing virus-infected email as a means to spread malware... Tricks include hacking into a web server to plant malware, or planting it within third-party widgets or advertising. User-generated content also creates a means to upload malware. The researchers hope to use their findings to "map" the problem and aid the development of a new generation of safe surfing tools that steer users away from harm."

* http://news.bbc.co.uk/2/hi/technology/6645895.stm

** http://www.usenix.org/events/hotbots07/tech/full_papers/provos/provos.pdf

:fear: :spider: :sad:

2007-05-17, 03:24

- http://www.websense.com/securitylabs/blog/blog.php?BlogID=125
May 16 2007
"...The Good NEWS
Several media reports used headlines similar to: “10% of sites are Dangerous” and “Google finds 10% of sites are malware laced”. The headlines and reports read as though 10% of the websites on the entire Internet contain malicious code. While we believe that the report does not portray this as an overall percentage of the websites. It is a representation of the number of sites that matched a pre-qualified list of candidate URL’s. The good NEWS is that 10% of the *entire* web does not contain malicious code.
As previously mentioned, we encourage this type of research and were happy to see Google spending resources on investigating the very serious problem of web borne attacks. Not only is the number of sites hosting malicious code rising, but the amount of samples on those sites is increasing, the sophistication of the attacks is rising, and the coverage of traditional signature-based technologies is declining. The BAD NEWS is that Google only covered the tip of the iceberg in the study. While 10% of the entire web is not plagued with malicious code the situation is indeed getting worse. The report did a good job at representing the data that Google collected and researched, however other areas of web attacks need to be mentioned in combination with search engine queries. The following are *some* (note: not all) of the methods we are seeing on a daily basis with our ThreatSeeker™ technology which mines more than 90 million websites every 24 hours and performs advanced reputation analysis on an additional 10 million sites, domains, IP addresses, and networks per day.
Additional Web Attack Method Examples:
* Email and Instant Messaging Lures
* Deception attacks that use social engineering to gather data from the user
* Deception attacks that entice users to run malicious code without an exploit
* Compromising of well-known sites with malicious code for a small period of time
* Typo-Attacks on popular domain names
* Update sites that act as a central hub for Trojan Downloader’s to get refreshed..."

(Screenshots and more detail at the URL above.)