Google's anti-malware team uncovers million of potentially infected sites

Research by the search engine Google's anti-malware team uncovered more than 3 million potentially harmful Web sites. Weekly samples of infected sites among search results reached 1.3 percent in January, 2008 - a threefold increase on last year.

In a recent posting, the Google online security blog presented a summary of its latest 22-page report on the prevalence of drive-by downloads, where visitors are lured to click links that infect their browsers with malicious code.

The Google study discusses both the prevalence of drive-by sites and the techniques used to infect them. The most common technique is for hackers to gain access to Web servers by exploiting vulnerabilities in the server software. They will then "inject" content, often concealed within iFrames - miniscule zero pixel links - to trigger drive-by downloads from the site. HTML links in forums and blogs can also be used in the same way.

The increasing sophistication of malware programmers means that many potentially harmful sites are not themselves malicious, but contain content that points users to infected sites. On average 2 percent of malicious Web sites delivered malware via advertising, the study found, often in situations where advertising space was syndicated to other sites not known the original website owner.

"Ad serving networks are increasingly being used as hops in the malware serving chain," the report noted. "Even protected web-servers can be used as vehicles for transferring malware."

Contrary to popular belief, "safe browsing" where users avoid dubious content is no longer an effective safeguard. The team analyzed 7 million URLs and mapped them to the open directory (DMOZ) categories. While adult web sites increased the visitor's risk of being infected, potentially harmful sites showed up in all of the DMOZ categories.

The study also noted the "alarming contribution" of Chinese-based Web sites to the Web malware problem. Two-thirds of the malware distribution servers and 64 percent of the sites that linked to them were located in China, Google found.

Adapted from a story that appeared on our sister site,

You may like these other stories...

How are you planning? What tools do you use (or fail to use) for forecasting? PlanGuru is a business budgeting, forecasting, and performance review software company based in White Plains, N.Y. AccountingWEB recently spoke...
Event Date: October 30, 2014, 2 pm ETMany Excel users have a love-hate relationship with workbook links. For the uninitiated, workbook links allow you to connect one Microsoft Excel spreadsheet to other spreadsheets, Word...
Event Date: September 9, 2014, 2:00 pm ETIn this session we'll discuss the types of technologies and their uses in a small accounting firm office. Included will be:The networked office: connecting everything together for...

Already a member? log in here.

Upcoming CPE Webinars

Aug 21
Meet budgets and client expectations using project management skills geared toward the unique challenges faced by CPAs. Kristen Rampe will share how knowing the keys to structuring and executing a successful project can make the difference between success and repeated failures.
Aug 26
This webcast will include discussions of recently issued, commonly-applicable Accounting Standards Updates for non-public, non-governmental entities.
Aug 28
Excel spreadsheets are often akin to the American Wild West, where users can input anything they want into any worksheet cell. Excel's Data Validation feature allows you to restrict user inputs to selected choices, but there are many nuances to the feature that often trip users up.
Sep 9
In this session we'll discuss the types of technologies and their uses in a small accounting firm office.