Google study finds 10% of web pages contain malicious code
Surfing can be dangerous to your PC. Google says one in 10 web pages it has investigated contains malicious software that could infect a user’s PC. Most of the infected web pages contained hidden codes that attempt to steal personal information such as passwords.
Researchers from the firm surveyed billions of sites, subjecting 4.5 million pages to “in-depth analysis” and found about 450,000 sites were capable of launching so-called “drive-by downloads” – sites that install malicious code, such as spyware, without a user’s knowledge. A further 700,000 pages were thought to contain code that could compromise a user’s PC, the researchers added.
In the report, published in the paper titled The Ghost In The Browser, Google researcher Niels Provos writes, “To entice users to install malware, adversaries employ social engineering. The user is presented with links that promise access to ‘interesting’ pages with explicit pornographic content, copyrighted software or media. A common example are sites that display thumbnails to adult videos.”
Researchers also found that hackers were attacking entire Web servers, trying to convert almost every page on the compromised server into a malware host. They were taking advantage of blog comment features and other Web 2.0 means of eliciting user-generated content as means to promote malware sites or to distribute software-based attacks.
Researchers say these sites mark a shift away from traditional methods of infecting a computer, such as spam and email attachments.
To address the problem, the researchers say that Google has “started an effort to identify all web pages on the Internet that could be malicious”.
Google already alerts users if they are about to visit a potentially harmful website by displaying a message that reads “this site may harm your computer”.
“Marking pages with a label allows users to avoid exposure to such sites and results in fewer users being infected,” they said. However, the task will not be easy. Finding all the web-based infection vectors is a significant challenge and requires almost complete knowledge of the web as a whole”, the researchers wrote.
Related Posts:
