[Infowarrior] - The Web is Dangerous, Google Warns

Sun Feb 17 16:53:51 UTC 2008

 The Web is Dangerous, Google Warns

Robert McMillan, IDG News ServiceSat Feb 16, 8:30 AM ET

http://tinyurl.com/3xv3bb

The Web is scarier than most people realize, according to research published
recently by Google.

The search engine giant trained its Web crawling software on billions of Web
addresses over the past year looking for malicious pages that tried to
attack their visitors. They found more than 3 million of them, meaning that
about one in 1,000 Web pages is malicious, according to Neils Provos, a
senior staff software engineer with Google.

These Web-based attacks, called "drive-by downloads" by security experts,
have become much more common in recent years as firewalls and better
security practices by Microsoft have made it harder for worms and viruses to
directly attack computers.

In the past year the Web sites of Al Gore's "An Inconvenient Truth" movie
and the Miami Dolphins were hacked, and the MySpace profile of Alicia Keys
was used to attack visitors.

Criminals are getting better at this kind of work. They have built very
successful automated tools that poke and prod Web sites, looking for
programming errors and then exploit these flaws to install the drive-by
download software. Often this code opens an invisible iFrame page on the
victim's browser that redirects it to a malicious Web server. That server
then tries to install code on the victim's PC. "The bad guys are getting
exceptionally good at automating those attacks," said Roger Thompson, chief
research officer with security vendor Grisoft.

In response, Google has stepped up its game. One of the reasons it has been
scouring the Web for malicious pages is so that it can identify
drive-by-download sites and warn Google searchers before they visit them.
Nowadays about 1.3 percent of all Google search queries list malicious
results somewhere on the first few pages.

Some of the data surprised Provos.

"When we started going into this I had the firm intuition that if you go to
the sleazier parts of the Web, you are in more danger," he said.

It turns out the Web's nice neighborhoods aren't necessarily safer than its
red-light districts.

"We looked into this and indeed we found that if you ended up going to
adult-oriented pages, your risk of being exposed [to malicious software] was
slightly higher," he said. But "there really wasn't a huge difference."

"Staying away from the disreputable part of the Internet really isn't good
enough," he noted.

Another interesting finding: China was far and away the greatest source of
malicious Web sites. According to Google's research, 67 percent of all
malware distribution sites are hosted in China. The second-worst offender?
The U.S., at 15 percent, followed by Russia, (4 percent) Malaysia (2.2
percent) and Korea (2 percent).

It costs next-to-nothing to register a Web domain in China and service
providers are often slow to shut down malicious pages, said Thompson.
"They're the Kleenex Web sites," he said. Criminals "know they're going to
be shut down, and they don't care."

Malicious site operators in China fall into two broad categories, Thompson
said: fraudsters looking to steal your banking password, and teenagers who
want to steal your World of Warcraft character.

So how to stop this growing pestilence?

Google's Provos has this advice for Web surfers: Turn automatic updates on.
"You should always run your software as updated as possible and install some
kind of antivirus technology," he said.

But he also thinks that Webmasters will have to get smarter about building
secure Web sites. "I think it will take concentrated efforts on all parts,"
for the problem to go away, he said.