Google warns of drive-by downloads

Google warns of drive-by downloads

Summary: The search giant has warned of an increase in drive-by download attempts, in which malicious websites exploit browser vulnerabilities to execute malicious code

SHARE:
TOPICS: Security
0

Drive-by downloads, in which malicious websites exploit browser vulnerabilities to execute malicious code, have increased since April 2007, warned Google researchers last week.

In April 2007, fewer than 0.4 percent of searches returned at least one harmful result. However, this had increased to over 1.3 percent in January 2008, warned Google researcher Niels Provos in a Google blog post.

Drive-by downloads are caused by URLs that attempt to exploit their visitors and cause malware to be installed and run automatically. The malicious sites target web-browser vulnerabilities to automatically download and run the binary when a user visits the site. Targeting web-browser vulnerabilities can circumvent some traditional security systems, such as firewalls.

The Google researchers investigated billions of URLs over the past year-and-a-half, and found more than three million unique URLs on over 180,000 websites automatically installing malware, said the blog post.

Web servers are targeted to host the malware. The researchers blamed poor patching of Apache and PHP servers for the amount of compromised sites. The Google researchers also wrote in a paper called All Your iFrames Point To Us that 67 percent of compromised servers and 64 percent of the websites that link to them are located in China. The paper is currently under peer review.

Read this

Feature

Q&A: Be alert to booby-trapped web pages

Trend Micro chief technology officer Raimund Genes warns that online life is about to get much hairier...

Read more

"These results raise serious question about the security practices employed by website administrators," wrote the researchers.

According to a Google source, Google security researchers report compromised sites to StopBadware.org, a clearinghouse for web malware research run by Harvard Law School, Oxford University, and technology companies including Google, Lenovo and Sun.

Google returns all search results, including suspect sites, to a user. However, Google uses the StopBadware.org list of compromised sites to place "interstitial pages" (pages that sits between the search results pages and the suspect page) between the user and the suspect site they wish to visit. Once the user has been warned that the site is probably compromised, they have the option to then click through to the site if they wish.

Topic: Security

Tom Espiner

About Tom Espiner

Tom is a technology reporter for ZDNet.com. He covers the security beat, writing about everything from hacking and cybercrime to threats and mitigation. He also focuses on open source and emerging technologies, all the while trying to cut through greenwash.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

0 comments
Log in or register to start the discussion