|
Malware Runs Rampant on the Web: Google
In its new report on Web-based malware, Google said
that some of the most common malware sites were those that contained
advertising, and that average computer users have no way to protect against
these malicious threats. The Google report on malware found that a browser can
be compromised just by visiting a Web page.
According to Google research, hundreds of thousands of Web sites are infected
with malicious software that could give attackers the ability to steal the
personal identities of visitors.
The research, titled "The Ghost in the Browser: Analysis of Web-Based
Malware," reported that an adversary who can successfully compromise a victim's
browser can gain access to banking and medical records, authorization passwords,
and personal communication records.
Google said that in its analysis of several billion URLs and an in-depth look
at 4.5 million Web sites over a 12-month period, it discovered 450,000 sites
were successfully launching drive-by-downloads of malware code.
Graham Cluley, a senior analyst with security firm Sophos, said researchers at his firm agree with Google's findings.
"Everybody needs to learn to protect themselves better from these kind of
attacks," he said. "More and more businesses are recognizing the need to scan
their Web gateway just as they do their e-mail gateway to keep abreast of
emerging threats."
Sitting Ducks?
Google also concluded that average computer users have no way to protect
against these threats. "Their browser can be compromised just by visiting a page
and become the vehicle for installing multitudes of malware on their systems,"
the nine-page report announced.
Google discovered that some of the most common malware sites were those that
contained advertising. Sites that offer up user-generated content, such as blogs
and forums, and those that offer third-party widgets, such as free traffic
counters, are also commonly used by attackers looking to install code that makes
victims of visitors.
As many antivirus engines rely on creating signatures from malware samples,
adversaries can prevent detection by changing their code more frequently than
antivirus engines are updated with new signatures, according to the Google
study.
Threat Clarified
Although Cluley agreed with Google's research, he said it's important to
clarify the threat. Some news headlines, he noted, have declared that Google's
research revealed one in 10 Web sites are infected. But, he added, that's not
accurate. The one-to-10 ratio is only true of the pages that Google already
decided were worthy of further investigation, he clarified.
In its own research, Sophos discovers an average of 8,193 new malicious Web
pages each day. What's most worrying, Cluley argued, is that 70 percent of these
infected Web pages are on legitimate Web sites. In other words, the offending
pages are often on sites that have been hacked or had malware planted on them
without the owner of the Web page necessarily knowing.
"The Web is the new battleground between the good guys and the bad guys -- if
you have not already defended yourself then there is no time to lose," Cluley
said. "Defense can come in the form of multilayered protection, such as desktop,
e-mail, and Web gateways, but should be combined with security updates for your
browsers and client firewalls."
By Jennifer LeClaire, NewsFactor Network
|
