Fighting malware and spam
Over 1 per cent of search results include malicious sites
Google research paper confirms significant increase in number of malware-serving websites.
Recent reports of increasing numbers of websites serving malicious content have been confirmed in a paper published by researchers from Google.
The researchers report finding over three million URLs serving malware, as detected by at least one anti-virus program, with another three million showing suspicious behaviour. In most cases, the malware is loaded into the page via a piece of JavaScript code or via an iframe linking to an external site, with almost 10,000 sites found to be actually hosting the malware.
Though these numbers may seem insignificant among the billions of websites on the internet, more than 1% of all Google search results pages now contain at least one site serving malware, a figure which has quadrupled in the past nine months.
Not surprisingly, users who visit websites with adult content have a higher risk of running into malware. However, this does not mean that these are the only sites that pose a threat, as malware was found on every type of website, according to the Open Directory Project categorisation of websites. In fact, most malware-serving websites are genuine sites that have been compromised. This may be partly the fault of website administrators, as over 38% of malware-serving websites that run the Apache server software use an out-of-date version, with another 26% not reporting their version number. 40% of the PHP versions in use were also found to be out of date.
The researchers also looked into the global distribution of malicious websites. Of the sites serving malware, as well as of those actually hosting the malware, two thirds are located in China, with the United States and Russia taking second and third place in both categories. However, these figures vary greatly from country to country. For instance, for 96% of Chinese websites serving malware, the malware is also hosted in China.
The paper confirms a worrying trend of increasing numbers of genuine websites serving malware, and implies that the former 'safe browsing' strategy of visiting only trusted sites is fast becoming impossible to implement. Web users can protect themselves by ensuring they run reputable security software and keeping it updated, and web administrators must ensure they run up-to-date versions of server software and keep their sites clean.
A summary of findings can be found at Google's Online Security Blog here, while the original paper can be downloaded (in PDF format) here.
12 February 2008
Tags:
apache, drive-by download, google, php.
del.icio.us 
digg this
ARF published as IETF standard
Abuse report format helps auto-handling of email complaints
02 September 2010
Microsoft releases new fix for DLL vulnerability
Earlier workaround believed to be too complex for most users.
01 September 2010
Malicious tweets link to fake TweetDeck update
Twitter resets passwords for accounts that appear to have been hacked.
01 September 2010
94% of Internet users befriend unknown 'good-looking woman'
Sensitiva data shared after two-hour chat. (1 comment)
31 August 2010
Investment boost for Quick Heal
Indian security firm gets hefty cash injection.
27 August 2010
Quick Links
 |
 |
 |
Poll
When do you install software updates?Leave a comment
View 12 comments
1 hour ago
5 hours ago
VB100 certification
With another epic haul of 54 products to test this month, the VB test team could
have done without the bad behaviour of a number of products: terrible product
design, lack of accountability for activities, blatant false alarms in major
software, numerous problems detecting the WildList set, and some horrendous
instability under pressure. Happily, there were also some good performances to
balance things out. John Hawes has the details.
See full results.
Virus Bulletin currently has 208,221 registered users.