TELECOM Digest OnLine - Sorted: Google Searches Web's Dark Side


Google Searches Web's Dark Side


BBC News Wire (bbc@telecom-digest.org)
Thu, 14 Jun 2007 05:20:46 -0500

One in ten web pages -- about ten percent -- scrutinised by search
giant Google contained malicious code that could infect a user's PC.
Researchers from the firm surveyed billions of sites, subjecting 4.5
million pages to "in-depth analysis".

About 450,000, or ten percent of those examined, were capable of
launching so-called "drive-by downloads", sites that install malicious
code, such as spyware, without a user's knowledge.

A further 700,000 pages were thought to contain code that could
compromise a user's computer, the team report.

To address the problem, the researchers say the company has "started
an effort to identify all web pages on the internet that could be
malicious".

Phantom sites

Drive-by downloads are an increasingly common way to infect a computer
or steal sensitive information.

They usually consist of malicious programs that automatically install
when a potential victim visits a booby-trapped website.

"To entice users to install malware, adversaries employ social
engineering," wrote Google researcher Niels Provos and his colleagues
in a paper titled The Ghost In The Browser.

Finding all the web-based infection vectors is a significant challenge
and requires almost complete knowledge of the web

Avoiding attacks

"The user is presented with links that promise access to 'interesting'
pages with explicit pornographic content, copyrighted software or
media. A common example are sites that display thumbnails to adult
videos."

The vast majority exploit vulnerabilities in Microsoft's Internet
Explorer browser to install themselves.

Some downloads, such as those that alter bookmarks, install unwanted
toolbars or change the start page of a browser, are an annoyance. But
increasingly, criminals are using drive-bys to install keyloggers that
steal login and password information.

Other pieces of malicious code hijack a computer turning it into a
"bot", a remotely controlled PC.

Drive-by downloads represent a shift away from traditional methods of
infecting a computer, such as spam and email attachments.

Attack plan

As well as characterising the scale of the problem on the net, the
Google study analysed the main methods by which criminals inject
malicious code on to innocent web pages.

It found that the code was often contained in those parts of the
website not designed or controlled by the website owner, such as
banner adverts and widgets.

Widgets are small programs that may, for example, display a calendar
on a webpage or a web traffic counter. These are often downloaded from
third-party sites.

The rise of web 2.0 and user-generated content gave criminals other
channels, or vectors, of attack, it found.

For example, postings in blogs and forums that contain links to images
or other content could unwittingly infect a user.

The study also found that gangs were able to hijack web servers,
effectively taking over and infecting all of the web pages hosted on
the computer.

In a test, the researchers' computer was infected with 50 different
pieces of malware by visiting a web page hosted on a hijacked server.

The firm is now in the process of mapping the malware threat.

Google, part of the StopBadware coalition, already warns users if they
are about to visit a potentially harmful website, displaying a message
that reads "this site may harm your computer" next to the search
results.

"Marking pages with a label allows users to avoid exposure to such
sites and results in fewer users being infected," the researchers
wrote.

However, the task will not be easy, they say.

"Finding all the web-based infection vectors is a significant
challenge and requires almost complete knowledge of the web as a
whole," they wrote.

Story from BBC NEWS:
http://news.bbc.co.uk/go/pr/fr/-/2/hi/technology/6645895.stm

Copyright 2007 BBC

NOTE: For more telecom/internet/networking/computer news from the
daily media, check out our feature 'Telecom Digest Extra' each day at
http://telecom-digest.org/td-extra/more-news.html . Hundreds of new
articles daily. And, discuss this and other topics in our forum at
http://telecom-digest.org/forum (or)
http://telecom-digest.org/chat/index.html

For more news and headlines, please go to:
http://telecom-digest.org/td-extra/BBC.html

Post Followup Article Use your browser's quoting feature to quote article into reply
Go to Next message: BBC News Wire: "Malicious Code On Rise: Web Sites Responsible"
Go to Previous message: TELECOM Digest Editor: "'Dr. Phil Show' Gets Ripped Off by Con Artist"
TELECOM Digest: Home Page