ZDNet UK


Google warns of drive-by downloads

Tom Espiner ZDNet.co.uk

Published: 19 Feb 2008 14:58 GMT

Drive-by downloads, in which malicious websites exploit browser vulnerabilities to execute malicious code, have increased since April 2007, warned Google researchers last week.

In April 2007, fewer than 0.4 percent of searches returned at least one harmful result. However, this had increased to over 1.3 percent in January 2008, warned Google researcher Niels Provos in a Google blog post.

Drive-by downloads are caused by URLs that attempt to exploit their visitors and cause malware to be installed and run automatically. The malicious sites target web-browser vulnerabilities to automatically download and run the binary when a user visits the site. Targeting web-browser vulnerabilities can circumvent some traditional security systems, such as firewalls.

The Google researchers investigated billions of URLs over the past year-and-a-half, and found more than three million unique URLs on over 180,000 websites automatically installing malware, said the blog post.

Web servers are targeted to host the malware. The researchers blamed poor patching of Apache and PHP servers for the number of compromised sites. The Google researchers also wrote in a paper called "All Your iFrames Point To Us" that 67 percent of compromised servers and 64 percent of the websites that link to them are located in China. The paper is currently under peer review.

"These results raise serious question about the security practices employed by website administrators," wrote the researchers.

According to a Google source, Google security researchers report compromised sites to StopBadware.org, a clearinghouse for web malware research run by Harvard Law School, Oxford University, and technology companies including Google, Lenovo and Sun.

Google returns all search results, including suspect sites, to a user. However, Google uses the StopBadware.org list of compromised sites to place "interstitial pages" (pages that sit between the search results page and the suspect page) between the user and the suspect site they wish to visit. Once the user has been warned that the site is probably compromised, they have the option to click through to the site if they wish.
