"Trusted" Web sites can no longer be trusted

A clarification was made to this story. Read below for details.

Restricting your Web surfing to "trusted" sites is no longer enough to keep your machine safe from malware, according to security experts.

Malware was once restricted to sites offering free MP3s or porn, but today it's increasingly being served up by some of the most popular sites on the Web.

The results of a new study by Google show that one in 10 Web sites could be potential launch pads for "drive-by-download" malware attacks.

The search giant has found that around 70 percent of sites that have been compromised with malware were previously considered "legitimate".

"In the past it was enough to tell people not to go to dodgy sites," says Dan Nadir, vice president of product strategy for managed security provider ScanSafe. "[But] this is the new world -- where users are being exposed to malicious content without them being aware of it."

The issue was highlighted last week when readers of popular technology review site Tom's Hardware were infected with a Trojan via a well-known vulnerability in the way Windows handles animated cursor (.ani) files.

The Trojan -- Win32/TrojanDownloader.ani.gen -- was hidden in a third-party ad source, provided by Google and displayed on the site for 24 hours.

The ANI vulnerability, which was identified and patched by Microsoft in early April, is a buffer overflow flaw that allows attackers to write code for a "drive-by" attack -- executed merely by viewing an infected page.

Nadir said it was alarming that a site as popular as Tom's Hardware (ranked in the top 1000 most popular sites according to Web statistics tracker Alexa) could be compromised.

He said many of today's most popular sites draw on content produced by third parties such as advertisements, widgets or user-contributed content.

This content can be used as a vehicle for distributing malware without the knowledge of the site's owner.

Sites including MySpace and Wikipedia, Nadir said, fell victim to the same kind of "run of the mill" banner ad and link to malware as Tom's Hardware.

Nadir warned that corporate IT departments should not rely on URL filters to keep their users from being infected by malware.

"URL filters work by crawling the Internet, searching for such content with porn or hate [content] and adding these addresses to a database -- then blocking users from visiting that site in future.

"But malicious content is now setting up so fast; the crawlers are always looking at yesterday's data. You need to look for technology that can apply heuristics to find these things when they are new," Nadir told ZDNet Australia.

Clarification: This story has been updated to clarify that MySpace and Wikipedia were not victims of a vulnerability in Microsoft's Windows Media Player as Dan Nadir incorrectly stated.