Google warns of web malware epidemic

Powered by SC Magazine
 

One in ten internet sites are hosting code that attacks browsers, says Google.

A study released today by Google has warned of "very high levels" of malware being hosted on websites.

In a year-long scan of over 4.5 million sites, the Google team found code on 450,000 pages that could inject malware onto users' PCs via improperly patched browsers.

A further 700,000 sites hosted similar code that, while not necessarily malicious, could harm the security of the PC viewing the page.

"In most cases, a successful exploit results in the automatic installation of a malware binary, also called drive-by download," said the five-member team which wrote the Ghost in the Browser paper.

"The installed malware often enables an adversary to gain control over the compromised system and can be used to steal sensitive information such as banking passwords, to send out spam or to install more malicious executables over time."

Web propagation of malware differs from the traditional method of sending via email attachment in that no user interaction is required, merely a visit to the website.

The research highlighted four main attack vectors: web server security, user-generated content, advertising and third-party software.

User-generated content is being used to send malware, particularly if uploading to the site can be done anonymously.

Web advertising software is typically written in JavaScript, and an unscrupulous operator may simply hide their malware in seemingly legitimate code. Similarly, third-party applications like web counters or online polls may also harbour data.

The team found that much of the malware on the web is very advanced and can bypass some signature-based antivirus software. A small proportion of the code actually changed its signature almost every hour.

Copyright ©v3.co.uk

