Google: Microsoft IIS 'twice as often' serving malware

Summary: Research from Google's new anti-malware team suggests that Microsoft's IIS server features "twice as often" as a server firing drive-by malware downloads.

Researchers in Google's new anti-malware team found that Microsoft's IIS (Internet Information Services) server software was being used to launch drive-by malware downloads more than any other server type.

The statistics come from a Google examination of 70,000 domains that have either been distributing malware or been responsible for hosting browser exploits.

"Compared to our sample of servers across the Internet, Microsoft IIS features twice as often (49% vs. 23%) as a malware distributing server," says Google malware researcher Nagendra Modadugu.

Web server software distribution across malicious servers.

Microsoft IIS and the open-source Apache server account for about 90 percent of all server software distribution across the Internet, but the Google numbers show that these two servers are serving up almost all (98%) of the malware.

Modadugu makes it clear that not all of these dirty servers were hijacked by attackers, stressing that it is very likely that some servers were configured by malware authors to serve up exploits.

Modadugu also offers a glimpse into the geographic location of these malicious servers, highlighting the fact that a lot of dirty IIS servers are in places that are known to be hotbeds for software piracy (China and South Korea). Because Microsoft does not offer security patches for some pirated software, these servers are more likely to be vulnerable to a remote compromise/takeover.

See Modadugu's blog entry for a deeper look at the numbers. Techmeme discussion.


About

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content managem...
