Google is warning Web users of the increasing threat posed by malicious software that can be dropped onto a computer as a Web surfer visits a particular site.
The search giant carried out in-depth research on 4.5 million Web sites and found that about one in 10 Web pages could successfully "drive-by download" a Trojan horse virus onto a visitor's computer. Such malicious software potentially enables hackers to access sensitive data stored on the computer or its network, or to install rogue applications.
Google's report (PDF: The Ghost in the Browser: Analysis of Web-based Malware), published last week, said the rise in Web-based malicious software has been aided by the increasing role that the Internet plays in everyday life, along with the ease in setting up Web sites.
Graham Cluley, senior technology consultant at Sophos, said Google is highlighting a worsening trend and "a considerable problem" for businesses and individual Web navigators.
An average of 8,000 new URLs containing malicious software emerged each week during April, Cluley said, adding that the notion that such software resides only in the darker corners of the Internet is very outdated. Seventy percent of Web pages hosting rogue software are found on legitimate sites targeted by hackers, according to Sophos.
To place malicious software on Web sites, hackers are manipulating Web server security, user-posted content, advertising and third-party widgets, Cluley said. "They used to spread malware by e-mail attachment. What they do now is spam out URLs."
Cluley warned businesses that they "cannot protect users by restricting what sites they go to. You need to start protecting your Web access as well as your e-mail gateway."
Tim Ferguson of Silicon.com reported from London.