Friday, May 18, 2007

Google Research Finds 10 Percent of Web Pages Hold Malware

According to research from Google, 10 percent of web pages contain malicious code. Google closely analyzed 4.5 million web pages over the course of a year and found that approximately ten percent, or 450,000, had the capability of installing malware without users' knowledge. An additional 700,000 pages are believed to be infected with code that could harm users' computers. The company says it has "started an effort to identify all web pages in the Internet that could be malicious."
Most of these pages lure users in with tempting offers and exploit holes in Microsoft Internet Explorer (IE) to install malware on users' computers. Google also examined the vectors attackers used to infect these web pages; most of the malicious code was located in elements beyond the control of website owners, such as banner advertisements and widgets.

References:
Google Searches Web's Dark Side
The Ghost in the Browser: Analysis of Web-based Malware

[SANS.org Editor's Note (Skoudis): This is a very good piece of research, and contributes significantly to our understanding the malware threat better. I recommend that you read it. Also, it shows that today's Internet is a cesspool of malware. Using mainstream browsers with patches that often follow weeks after exploits are in the wild is an increasingly dangerous proposition.]
Source: SANS NewsBites Vol. 9 Num. 39


CORRECTION: 05.21.07
From SANS.org -- Regarding the story we ran in the last edition of NewsBites about Google's Web-Based Malware study: The researchers identified 450,000 URLs launching drive-by downloads from a set of 4.5 million, which in turn had been culled from a larger set of 7 billion URLs, giving a much lower rate of malware incidence than we indicated. We regret any confusion this may have caused.