World News | Forum | UK News | USA News | Global News | Political News | Sci-Tech News | War & Terrorism News | Sports News | Multimedia | Set Homepage

Translate:

Monday, May 14th, 2007

One in 10 web pages scrutinised by search giant Google contained malicious code that could infect a user’s PC. Researchers from the firm surveyed billions of sites, subjecting 4.5 million pages to “in-depth analysis”.

About 450,000 were capable of launching so-called “drive-by downloads”, sites that install malicious code, such as spyware, without a user’s knowledge.

A further 700,000 pages were thought to contain code that could compromise a user’s computer, the team report.

To address the problem, the researchers say the company has “started an effort to identify all web pages on the internet that could be malicious”.

Phantom sites

Drive-by downloads are an increasingly common way to infect a computer or steal sensitive information.

They usually consist of malicious programs that automatically install when a potential victim visits a booby-trapped website.

“To entice users to install malware, adversaries employ social engineering,” wrote Google researcher Niels Provos and his colleagues in a paper titled The Ghost In The Browser.

“The user is presented with links that promise access to ‘interesting’ pages with explicit pornographic content, copyrighted software or media. A common example are sites that display thumbnails to adult videos.”

The vast majority exploit vulnerabilities in Microsoft’s Internet Explorer browser to install themselves.

Some downloads, such as those that alter bookmarks, install unwanted toolbars or change the start page of a browser, are an annoyance. But increasingly, criminals are using drive-bys to install keyloggers that steal login and password information.

Other pieces of malicious code hijack a computer turning it into a “bot”, a remotely controlled PC.

Drive-by downloads represent a shift away from traditional methods of infecting a computer, such as spam and email attachments.

Attack plan

As well as characterising the scale of the problem on the net, the Google study analysed the main methods by which criminals inject malicious code on to innocent web pages.

Spam e-mails are a common way to infect a computer

It found that the code was often contained in those parts of the website not designed or controlled by the website owner, such as banner adverts and widgets.

Widgets are small programs that may, for example, display a calendar on a webpage or a web traffic counter. These are often downloaded from third-party sites.

The rise of web 2.0 and user-generated content gave criminals other channels, or vectors, of attack, it found.

For example, postings in blogs and forums that contain links to images or other content could unwittingly infect a user.

The study also found that gangs were able to hijack web servers, effectively taking over and infecting all of the web pages hosted on the computer.

In a test, the researchers’ computer was infected with 50 different pieces of malware by visiting a web page hosted on a hijacked server.

The firm is now in the process of mapping the malware threat.

Google, part of the StopBadware coalition, already warns users if they are about to visit a potentially harmful website, displaying a message that reads “this site may harm your computer” next to the search results.

“Marking pages with a label allows users to avoid exposure to such sites and results in fewer users being infected,” the researchers wrote.

However, the task will not be easy, they say.

“Finding all the web-based infection vectors is a significant challenge and requires almost complete knowledge of the web as a whole,” they wrote.

http://news.bbc.co.uk/1/hi/technology/6645895.stm?ls

Have Your Say: Google searches web’s dark side
Please read our posting guidelines before posting.
Alternatively you can discuss this report here.

RSS TrackBack URL

Name (required)

Mail (will not be published) (required)

Website

Related News

• Sears Spying On Its Users & Reveals Their Data
• U.S. Government Contractor Injects Malicious Software into Critical Military Computers
• NSA releases new version of Linux software
• Users offered virus disguised as IE7
• Protests force Facebook to change

This entry was posted on Monday, May 14th, 2007 at 3:51 pm and is filed under Science & Technology News . You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Loading ...

ADVERTISEMENTS

SITE MAPS

7/7 Activism News Afghanistan Alternative-Energy Art Barack Obama BBC Big-Brother Bilderberg Biometrics Bush CCTV Censorship CIA Climate-Change Cover-Up Cults Culture Database-State David-Hicks David-Ray-Griffin Debt Democrats Demos Drugs Education Entertainment Environmental News EU False-Flag FBI Fraud Free-Speech Freemasons G8 Global-News Global-News Globalization Guantanamo Health-News History ID-Cards Internet Iran Iraq Israel John McCain Law Marches Media News MI5 MI6 Microsoft Military MoD Money Music NASA Neocons New World Order NSA Oil Pakistan Podcast Police-State Political News Propaganda Reviews RFID RINF Rumsfeld Science Science & Technology News Secrecy Security Slavery Space Sports Spy Spying Stephen-Lendman Technology Terrorism Tony-Blair Torture TV UK-News UN USA- USA-News Video Voting war War & Terrorism News Warfare Web Development News White-House Wolfowitz World_News Yahoo
2003 - 2005 Archives | 2005 - 2007 Archives | 2007 - 2008 Archives | Current Archives | Past Version