Google's anti-malware team uncovers million of potentially infected sites

Posted by accountingweb on 319 printer friendly

Research by the search engine Google's anti-malware team uncovered more than 3 million potentially harmful Web sites. Weekly samples of infected sites among search results reached 1.3 percent in January, 2008 - a threefold increase on last year.

In a recent posting, the Google online security blog presented a summary of its latest 22-page report on the prevalence of drive-by downloads, where visitors are lured to click links that infect their browsers with malicious code.

The Google study discusses both the prevalence of drive-by sites and the techniques used to infect them. The most common technique is for hackers to gain access to Web servers by exploiting vulnerabilities in the server software. They will then "inject" content, often concealed within iFrames - miniscule zero pixel links - to trigger drive-by downloads from the site. HTML links in forums and blogs can also be used in the same way.

The increasing sophistication of malware programmers means that many potentially harmful sites are not themselves malicious, but contain content that points users to infected sites. On average 2 percent of malicious Web sites delivered malware via advertising, the study found, often in situations where advertising space was syndicated to other sites not known the original website owner.

"Ad serving networks are increasingly being used as hops in the malware serving chain," the report noted. "Even protected web-servers can be used as vehicles for transferring malware."

Contrary to popular belief, "safe browsing" where users avoid dubious content is no longer an effective safeguard. The team analyzed 7 million URLs and mapped them to the open directory (DMOZ) categories. While adult web sites increased the visitor's risk of being infected, potentially harmful sites showed up in all of the DMOZ categories.

The study also noted the "alarming contribution" of Chinese-based Web sites to the Web malware problem. Two-thirds of the malware distribution servers and 64 percent of the sites that linked to them were located in China, Google found.

Adapted from a story that appeared on our sister site,

Tags 
Technology
Excel

Voice of the Editor

What would you do if one of your clients won the lottery? We asked several accountants to weigh in with their advice for the lucky Powerball winner, and the tips we received are useful for anyone who receives a windfall, whether it's a lottery win, an inheritance, a big bonus on the job, or a killing in the stock market.
Read more
Gail Perry, CPA
Publisher/Editor-in-Chief, AccountingWEB
editor@accountingweb.com
ADVERTISEMENT

This Week on AccountingWEB

CPAs Mira Finé, Scott Hitchcock, Rob Keasal, Kathy Scorcio, and Ken Travis offer ten pieces of financial advice for the newest Powerball winner.
Hang Bower of BDO USA and Dan Black of Ernst & Young share their perspectives on why their firms made the Best Places to Work for Recent Grads 2013 list.
Herbein + Company, Inc. firm members talked with AccountingWEB about their year-round employee wellness program.
Bill Walter of Gross, Mendelsohn & Associates and Harold Gaar of TravisWolff LLP weigh in on mobile technology use while employees are at work.
ADVERTISEMENT
ADVERTISEMENT
ADVERTISEMENT