Tens of housands of web sites in Australia could be infected with what has been described by Google researchers as “drive by” downloads of malicious code, such as spyware, without a user’s knowledge.
One in 10 web pages scrutinised by search giant Google contained malicious code that could infect a user’s PC. Researchers from the firm surveyed billions of sites, subjecting 4.5 million pages to “in-depth analysis”. <\/P>
About 450,000 were capable of launching so-called “drive-by downloads”, sites that install malicious code, such as spyware, without a user’s knowledge. A further 700,000 pages were thought to contain code that could compromise a user’s computer, the team report. <\/P>
To address the problem, the researchers say the company has “started an effort to identify all web pages on the internet that could be malicious”. <\/P>
Phantom sites <\/P>
Drive-by downloads are an increasingly common way to infect a computer or steal sensitive information. They usually consist of malicious programs that automatically install when a potential victim visits a booby-trapped website. “To entice users to install malware, adversaries employ social engineering,” wrote Google researcher Niels Provos and his colleagues in a paper titled The Ghost In The Browser. <\/P>
Avoiding attacks <\/P>
“The user is presented with links that promise access to ‘interesting’ pages with explicit pornographic content, copyrighted software or media. A common example are sites that display thumbnails to adult videos.” The vast majority exploit vulnerabilities in Microsoft’s Internet Explorer browser to install themselves. <\/P>
Some downloads, such as those that alter bookmarks, install unwanted toolbars or change the start page of a browser, are an annoyance. But increasingly, criminals are using drive-bys to install keyloggers that steal login and password information. Other pieces of malicious code hijack a computer turning it into a “bot”, a remotely controlled PC. <\/P>
Drive-by downloads represent a shift away from traditional methods of infecting a computer, such as spam and email attachments. <\/P>
Attack plan <\/P>
As well as characterising the scale of the problem on the net, the Google study analysed the main methods by which criminals inject malicious code on to innocent web pages. <\/P>
Spam e-mails are a common way to infect a computer It found that the code was often contained in those parts of the website not designed or controlled by the website owner, such as banner adverts and widgets. <\/P>
Widgets are small programs that may, for example, display a calendar on a webpage or a web traffic counter. These are often downloaded from third-party sites. The rise of web 2.0 and user-generated content gave criminals other channels, or vectors, of attack, it found. <\/P>
For example, postings in blogs and forums that contain links to images or other content could unwittingly infect a user. The study also found that gangs were able to hijack web servers, effectively taking over and infecting all of the web pages hosted on the computer. <\/P>
In a test, the researchers’ computer was infected with 50 different pieces of malware by visiting a web page hosted on a hijacked server. <\/P>
The firm is now in the process of mapping the malware threat. Google, part of the StopBadware coalition, already warns users if they are about to visit a potentially harmful website, displaying a message that reads “this site may harm your computer” next to the search results. <\/P>
“Marking pages with a label allows users to avoid exposure to such sites and results in fewer users being infected,” the researchers wrote. <\/P>
However, the task will not be easy, they say. “Finding all the web-based infection vectors is a significant challenge and requires almost complete knowledge of the web as a whole,” they wrote.
<\/P><\/p>\n","protected":false},"excerpt":{"rendered":"
Tens of housands of web sites in Australia could be infected with what has been described by Google researchers as “drive by” downloads of malicious code, such as spyware, without a user’s knowledge.<\/p>\n","protected":false},"author":74,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"gallery","meta":{"footnotes":""},"categories":[28,27],"tags":[],"class_list":["post-83254","post","type-post","status-publish","format-gallery","hentry","category-archive","category-internet","post_format-post-format-gallery"],"yoast_head":"\n