Google's anti-malware team uncovers million of potentially infected sites

Research by the search engine Google's anti-malware team uncovered more than 3 million potentially harmful Web sites. Weekly samples of infected sites among search results reached 1.3 percent in January, 2008 - a threefold increase on last year.

In a recent posting, the Google online security blog presented a summary of its latest 22-page report on the prevalence of drive-by downloads, where visitors are lured to click links that infect their browsers with malicious code.

The Google study discusses both the prevalence of drive-by sites and the techniques used to infect them. The most common technique is for hackers to gain access to Web servers by exploiting vulnerabilities in the server software. They will then "inject" content, often concealed within iFrames - miniscule zero pixel links - to trigger drive-by downloads from the site. HTML links in forums and blogs can also be used in the same way.

The increasing sophistication of malware programmers means that many potentially harmful sites are not themselves malicious, but contain content that points users to infected sites. On average 2 percent of malicious Web sites delivered malware via advertising, the study found, often in situations where advertising space was syndicated to other sites not known the original website owner.

"Ad serving networks are increasingly being used as hops in the malware serving chain," the report noted. "Even protected web-servers can be used as vehicles for transferring malware."

Contrary to popular belief, "safe browsing" where users avoid dubious content is no longer an effective safeguard. The team analyzed 7 million URLs and mapped them to the open directory (DMOZ) categories. While adult web sites increased the visitor's risk of being infected, potentially harmful sites showed up in all of the DMOZ categories.

The study also noted the "alarming contribution" of Chinese-based Web sites to the Web malware problem. Two-thirds of the malware distribution servers and 64 percent of the sites that linked to them were located in China, Google found.

Adapted from a story that appeared on our sister site,

You may like these other stories...

Accountants who specialize in forensic and valuation services point to electronic data analysis, or big data, as the most pressing issue they’ll face in the coming months, according to results of a new survey released...
As complex as federal tax can get, at least you're only dealing with one agency: the IRS. But when you get into state and local sales tax, you're coordinating hundreds of jurisdictions that are constantly changing....
All that was needed on Tuesday was a voice vote for the House of Representatives to pass a bill that would prevent state and local governments from taxing access to the Internet.Now the ball is in the Senate’s court....

Upcoming CPE Webinars

Jul 31
In this session Excel expert David Ringstrom helps beginners get up to speed in Microsoft Excel. However, even experienced Excel users will learn some new tricks, particularly when David discusses under-utilized aspects of Excel.
Aug 5
This webcast will focus on accounting and disclosure policies for various types of consolidations and business combinations.