Google's anti-malware team uncovers million of potentially infected sites

Research by the search engine Google's anti-malware team uncovered more than 3 million potentially harmful Web sites. Weekly samples of infected sites among search results reached 1.3 percent in January, 2008 - a threefold increase on last year.

In a recent posting, the Google online security blog presented a summary of its latest 22-page report on the prevalence of drive-by downloads, where visitors are lured to click links that infect their browsers with malicious code.

The Google study discusses both the prevalence of drive-by sites and the techniques used to infect them. The most common technique is for hackers to gain access to Web servers by exploiting vulnerabilities in the server software. They will then "inject" content, often concealed within iFrames - miniscule zero pixel links - to trigger drive-by downloads from the site. HTML links in forums and blogs can also be used in the same way.

The increasing sophistication of malware programmers means that many potentially harmful sites are not themselves malicious, but contain content that points users to infected sites. On average 2 percent of malicious Web sites delivered malware via advertising, the study found, often in situations where advertising space was syndicated to other sites not known the original website owner.

"Ad serving networks are increasingly being used as hops in the malware serving chain," the report noted. "Even protected web-servers can be used as vehicles for transferring malware."

Contrary to popular belief, "safe browsing" where users avoid dubious content is no longer an effective safeguard. The team analyzed 7 million URLs and mapped them to the open directory (DMOZ) categories. While adult web sites increased the visitor's risk of being infected, potentially harmful sites showed up in all of the DMOZ categories.

The study also noted the "alarming contribution" of Chinese-based Web sites to the Web malware problem. Two-thirds of the malware distribution servers and 64 percent of the sites that linked to them were located in China, Google found.

Adapted from a story that appeared on our sister site,

You may like these other stories...

It's not a reality—yet—but accounting software is poised to eliminate accountants. We are at a tipping point for many similar professions: online education replacing professors, legal software replacing...
Whenever I speak to accountants about creating a cloud practice, the most common question is, “How do I charge my clients?” Ten years ago, maybe even five years ago, if I would’ve posed this question...
While reputational risk is the No. 1 nonfinancial concern among corporate directors, cybersecurity/IT risk is gaining steam. In fact, both private companies and organizations with more than $1 billion in revenue felt they...

Upcoming CPE Webinars

Jul 31
In this session Excel expert David Ringstrom helps beginners get up to speed in Microsoft Excel. However, even experienced Excel users will learn some new tricks, particularly when David discusses under-utilized aspects of Excel.
Aug 5
This webcast will focus on accounting and disclosure policies for various types of consolidations and business combinations.
Aug 20
In this session we'll review best practices for how to generate interest in your firm’s services.
Aug 21
Meet budgets and client expectations using project management skills geared toward the unique challenges faced by CPAs. Kristen Rampe will share how knowing the keys to structuring and executing a successful project can make the difference between success and repeated failures.