Save content
Have you found this content useful? Use the button above to save it to your profile.
AIA

Drive-by download sites treble in 12 months, Google reports

by
12th Feb 2008
Save content
Have you found this content useful? Use the button above to save it to your profile.

Research by the search engine Google's anti-malware team uncovered more than 3 million potentially harmful websites. Weekly samples of infected sites among search results reached 1.3% in January - a threefold increase on last year. John Stokdyk reports.

In its latest posting, the Google online security blog presented a summary of its latest 22-page report on the prevalence of drive-by downloads, where visitors are lured to click links that infect their browsers with malicious code.

The Google study discusses both the prevalence of drive-by sites and the techniques used to infect them. The most common technique is for hackers to gain access to web servers by exploiting vulnerabilities in the server software. They will then "inject" content, often concealed within iFrames - miniscule zero pixel links - to trigger drive-by downloads from the site. HTML links in forums and blogs can also be used in the same way.

The increasing sophistication of malware programmers means that many potentially harmful sites are not themselves malicious, but contain content that points users to infected sites. On average 2% of malicious web sites delivered malware via advertising, the study found, often in situations where advertising space was syndicated to other sites not known the original website owner.

"Ad serving networks are increasingly being used as hops in the malware serving chain," the report noted. "Even protected web-servers can be used as vehicles for transferring malware."

Contrary to popular belief, "safe browsing" where users avoid dubious content is no longer an effective safeguard. The team analysed 7 million URLs and mapped them to the open directory (DMOZ) categories. While adult web sites increased the visitor's risk of being infected, potentially harmful sites showed up in all of the DMOZ categories.

The study also noted the "alarming contribution" of Chinese-based web sites to the web malware problem. Two-thirds of the malware distribution servers and 64% of the sites that linked to them were located in China, Google found.

Tags:

Replies (0)

Please login or register to join the discussion.

There are currently no replies, be the first to post a reply.