Saturday, May 12, 2007

Google and the Web-Based Malware

Google made an interesting study [PDF, 438 KB] about the pages that try to automatically install malware (the so-called "drive-by download") by exploiting flaws in Microsoft's Internet Explorer. By analyzing all the pages from Google's index, the study found that 450,000 URLs launched files that contained malware. If we assume Google's index has 20 billion pages, that means one in 2,222 pages launches malware. Trojans were the most frequent category of malware, followed by adware.

"The installed malware often enables an adversary to gain remote control over the compromised computer system and can be used to steal sensitive information such as banking passwords, to send out spam or to install more malicious executables over time."

It's also useful to know "the four prevalent mechanisms used to inject malicious content on popular websites: web server security, user contributed content, advertising and third-party widgets". As an example of widget, the study mentions a free stats counter that required users to include links to some external JavaScript files in order to monitor the traffic. At some point, the files started to include exploit code. In this case, the malware was outside the control of the webmaster, but could still be dangerous to the users.

"Examining our data corpus over time, we discovered that the majority of the exploits were hosted on third-party servers and not on the compromised web sites. The attacker had managed to compromise the web site content to point towards an external URL hosting the exploit either via iframes or external JavaScript."

Google started to flag the web sites that try to install malware (example of query). They're still included in Google's index, but you'll have to manually copy the URL and paste it in the address bar to visit the site. Most of the pages let you download pirated software and music. Also the newest version of Google Desktop shows warnings if you visit one of these sites.


The best defense against these threats is to use more secure browsers like Firefox or Opera and to install anti-virus / anti-spyware software (Google Pack includes all of these: Firefox, Norton Security Scan and Spyware Doctor, but there other free alternatives).

{ via BBC, that hires people who don't know how to count and draw the inaccurate conclusion that "one in 10 web pages scrutinised by search giant Google contained malicious code that could infect a user's PC" .}

No comments:

Post a Comment