Slashdot Mirror

← Back to Stories (view on slashdot.org)

Google's Research on Malware Distribution

Posted by Soulskill on from the making-a-mountain-out-of-a-really-big-piece-of-rock dept.

GSGKT writes "Google's Anti-Malware Team has made available some of their research data on malware distribution mechanisms while the research paper[PDF] is under peer review. Among their conclusions are that the majority of malware distribution sites are hosted in China, and that 1.3% of Google searches return at least one link to a malicious site. The lead author, Niels Provos, wrote, 'It has been over a year and a half since we started to identify web pages that infect vulnerable hosts via drive-by downloads, i.e. web pages that attempt to exploit their visitors by installing and running malware automatically. During that time we have investigated billions of URLs and found more than three million unique URLs on over 180,000 web sites automatically installing malware. During the course of our research, we have investigated not only the prevalence of drive-by downloads but also how users are being exposed to malware and how it is being distributed.'"

5 of 83 comments (clear)

  1. Read it again by EmbeddedJanitor · · Score: 4, Insightful
    There are three million bad URLs being served off 180,000 web sites.

    Three million out of billions is not bad, assuming randomness (only, say 1 in 1000 chance of using a bad URL), but it is a lot worse than 180k out of billions.

    However not all URLs are used equally. Bad URLs linked to some popular pron site, for instance, will get hit a lot more than Joe Sixpack's facebook site.

    --
    Engineering is the art of compromise.
    1. Re:Read it again by Anonymous Coward · · Score: 2, Insightful

      Also, it would likely be inaccurate to assume uniform randomness for the appearance of those pages in search results. They are likely optimized to turn up for very popular queries with every SEO trick available. So it's still 3 million out of billions, but those 3 million likely get significantly more than traffic than an average page.

  2. Re:Search engine ranking by calebt3 · · Score: 5, Insightful

    Searchers won't use your engine if it does not give them what they want.

  3. Re:Google itself? by moderatorrater · · Score: 3, Insightful

    The name "Browser Error Redirector" doesn't make its purpose clear to a non-technical user I would argue that there is no way to make its purpose clear to the non-technical user without using at least a full sentence, probably a paragraph. For those who are familiar with the concept of error page redirection in the first place, it's a very adequate description, very honest and the first thing I would suspect once I realized there was a problem. If it had been "Browser Helper" or "DNS Accelerator" or "Bonzai Buddy" then arguing that the name wasn't clear would be applicable; as it is, it's a specific name for a specific condition that doesn't hide what it is.
  4. Re:Maybe Goole should delist a few sites. by moderatorrater · · Score: 3, Insightful

    The problem with that is the number of sites that happen to host malware without meaning to. Too often the malware comes through advertising services or sneak through in user generated content that would be fine if not for a browser vulnerability. Google does a lot as it is, outright blocking the sites goes too far (unless that's the only thing that the site is made for, which is rare and would probably mean that the site is ranked low in the first place).