Niels Provos from Google's anti-malware team has written a blog about their findings.
http://googleonlinesecurity.blogspot.com/2008/02/all-your-iframe-are-point-to-us.html
He studied sites that [attempt to] automatically install malware when you visit them, which he calls "drive-by downloads". The blog and report say they have found over 3,000,000 URLs on over 180,000 sites that do this. 67% of these servers are located in China. He says recently about 1.3% of searches had at least one result that they considered malicious. About 2% of those sites were delivering the malware via advertisements.
In the below report he says that firewalls, dynamic addressing, and proxies offer no barriers to these.
"All Your iFrame Are Point to Us" (draft) http://research.google.com/archive/provos-2008a.pdf [pdf]
"Ghost in the Browser" http://www.usenix.org/event/hotbots07/tech/full_papers/provos/provos.pdf [pdf]
slashdot comments http://it.slashdot.org/article.pl?sid=08/02/17/2145242
|
[moved from "Google report: How drive-by download malware spreads". -Philipp]
A coverage analysis from Google security people has been released.
The sad fact is that more than 180,000 Web sites are automatically installing malware, says Mr. Niels Provos of Google Anti-Malware Team.
Link: http://googleonlinesecurity.blogspot.com/2008/02/all-your-iframe-are-point-to-us.html
covered via /. too http://it.slashdot.org/it/08/02/17/2145242.shtml
A technical report in PDF format is located here: http://research.google.com/archive/provos-2008a.pdf |