Slashdot Mirror


Google's Research on Malware Distribution

GSGKT writes "Google's Anti-Malware Team has made available some of their research data on malware distribution mechanisms while the research paper [PDF] is under peer review. Among their conclusions are that the majority of malware distribution sites are hosted in China, and that 1.3% of Google searches return at least one link to a malicious site. The lead author, Niels Provos, wrote, 'It has been over a year and a half since we started to identify web pages that infect vulnerable hosts via drive-by downloads, i.e. web pages that attempt to exploit their visitors by installing and running malware automatically. During that time we have investigated billions of URLs and found more than three million unique URLs on over 180,000 web sites automatically installing malware. During the course of our research, we have investigated not only the prevalence of drive-by downloads but also how users are being exposed to malware and how it is being distributed.'"

8 of 83 comments

  1. Read it again by EmbeddedJanitor · · Score: 4, Insightful
    There are three million bad URLs being served off 180,000 web sites.

    Three million out of billions is not bad, assuming randomness (only, say, a 1 in 1000 chance of using a bad URL), but it is a lot worse than 180k out of billions.

    However, not all URLs are used equally. Bad URLs linked to some popular pron site, for instance, will get hit a lot more than Joe Sixpack's Facebook site.

    --
    Engineering is the art of compromise.
    1. Re:Read it again by Anonymous Coward · · Score: 2, Insightful

      Also, it would likely be inaccurate to assume uniform randomness for the appearance of those pages in search results. They are likely optimized to turn up for very popular queries with every SEO trick available. So it's still 3 million out of billions, but those 3 million likely get significantly more traffic than an average page.

  2. Search engine ranking by Anonymous Coward · · Score: 0, Insightful

    H1 = Very important
    H2 = Pretty important
    H3 = Important
    H4 = Less important, but still important
    H5 = Less important
    H6 = Even less important

    JavaScript (yes) = Punish website
    JavaScript (no) = Reward website
    JavaScript OnLoad = Double punish website

    HTML/XHTML compliance = Reward website
    HTML/XHTML non-compliance = Punish website

    RSS feed = Reward website

    Hyperlinks that contain more than 10 words = Punish website
    Hyperlink directly after hyperlink = Punish website

    ActiveX = Punish website
    RealAudio = Punish website
    QuickTime = Punish website

    Ogg Vorbis = Reward website
    FLAC = Reward website

    1. Re:Search engine ranking by calebt3 · · Score: 5, Insightful

      Searchers won't use your engine if it does not give them what they want.

  3. Malware is MS's fault really by Anonymous Coward · · Score: 1, Insightful

    Well, it's in Google's best interest to fight this, as malware has the potential to affect their business.

    Really, as much as I am not a MS basher, malware is almost entirely Microsoft's fault. If they had paid attention back in the day to security, we wouldn't have the steaming swamp of malware we have now.

    The only serious way to fight malware is to reduce the potential infection hosts.

    Fighting this is just like fighting any sort of sickness or plague. If you have enough immunized hosts, then the issue won't be as bad.

  4. Re:And what platform does the malware run on? by smittyoneeach · · Score: 1, Insightful

    x86

    --
    Get thee glass eyes, and, like a scurvy politician, seem to see things thou dost not.--King Lear
  5. Re:Google itself? by moderatorrater · · Score: 3, Insightful

    The name "Browser Error Redirector" doesn't make its purpose clear to a non-technical user

    I would argue that there is no way to make its purpose clear to the non-technical user without using at least a full sentence, probably a paragraph. For those who are familiar with the concept of error page redirection in the first place, it's a very adequate description, very honest and the first thing I would suspect once I realized there was a problem. If it had been "Browser Helper" or "DNS Accelerator" or "Bonzi Buddy" then arguing that the name wasn't clear would be applicable; as it is, it's a specific name for a specific condition that doesn't hide what it is.
  6. Re:Maybe Google should delist a few sites. by moderatorrater · · Score: 3, Insightful

    The problem with that is the number of sites that happen to host malware without meaning to. Too often the malware comes through advertising services or sneaks through in user-generated content that would be fine if not for a browser vulnerability. Google does a lot as it is; outright blocking the sites goes too far (unless that's the only thing that the site is made for, which is rare and would probably mean that the site is ranked low in the first place).