Slashdot Mirror


One Million Sites Infected With Malware In Q2

Trailrunner7 writes "More than one million Web domains were infected with malicious code in the second quarter of 2010 — around one percent of all active Web domains, according to new data. The number of infected domains was extrapolated from data gained through a sample scan of what Dasient describes as 'millions of Web sites,' as well as from customer deployments. It suggests that compromises of Web sites are on the rise, as attackers look to push out malicious programs through so-called drive by download attacks."

42 comments

  1. Erm? by ciderbrew · · Score: 0, Offtopic

    Well done!

    1. Re:Erm? by SpaceLifeForm · · Score: 0, Offtopic

      Microsoft is innovative!

      --
      You are being MICROattacked, from various angles, in a SOFT manner.
  2. Of course you have. by AnonymousClown · · Score: 3, Funny

    Web anti malware firm Dasient has published data claiming that more than 1 million Web sites were compromised in the second quarter, 2010 - a sharp increase.

    *In Sean Connery's James Bond voice* Of course they have.

    --
    RIP America

    July 4, 1776 - September 11, 2001

    1. Re:Of course you have. by camperslo · · Score: 1

      It's been a busy year for malware with many recent reports of issues.

      GData Software, a German anti-virus firm, reports "Malware for Windows the undisputed number 1
      Windows users are still the number one target: 99.4 percent of all new malware of the first half of this year was written for Microsoft's operating system. The other 0.6% targeted systems that contain e.g. Unix or Java technologies." That .6% includes phones.
      Of the 1,017,208 new malware programs, over a million target Windows.

  3. *domains* infected? What? by Kaz+Kylheku · · Score: 5, Insightful

    A domain is a node in the DNS namespace. How does that get infected?

    If a web server hosts 20 domains, and is infected, does that count as 20 infections?

    "Web site", "domain" and "host" are not interchangeable.

  4. Um yeah.. by DrgnDancer · · Score: 4, Funny

    The only Malware we were infected by in Q2 was McAfee. It decided a few critical systems files were viruses and shut us down for hours. Stupid Malware creators.

    --
    I don't need a million points of light, just two points of multi-mode fiber and a 10 Gig-E router.
    1. Re:Um yeah.. by Ironhandx · · Score: 2, Funny

      Windows 7 decided that an executable that I had on my computer (that I myself had just compiled) was a trojan and overreacted so hard that it fragged explorer.

      Fun times for all!

    2. Re:Um yeah.. by vux984 · · Score: 2, Insightful

      Windows 7 decided that an executable that I had on my computer (that I myself had just compiled) was a trojan...

      I'm curious why you think Windows 7 was wrong? ;)

    3. Re:Um yeah.. by Anonymous Coward · · Score: 1, Funny

      Ummm, Windows 7 can't decide anything is a trojan. Your antivirus software may have, which may happen to be Microsoft Antivirus, but that is no more Windows 7 than Word is. Also, as a dev you should know better than to real time scan your dev directories, that kind of shit happens.

    4. Re:Um yeah.. by Anonymous Coward · · Score: 1, Funny

      Ummm, Windows 7 can't decide anything is a trojan. Your antivirus software may have, which may happen to be Microsoft Antivirus, but that is no more Windows 7 than Word is. Also, as a dev you should know better than to real time scan your dev directories, that kind of shit happens.

      No, it was Windows7AntiVirus 2011. Even after I paid $30 it wouldn't clean it. And they charged my credit card twice! At least it runs better than XPAntivirus 2010 did on Windows 7.

      All kidding aside, Microsoft Security Essentials is a good program.

    5. Re:Um yeah.. by alvinrod · · Score: 1

      This was modded funny, but he's not actually joking. McAfee did have this problem that caused a machine to go into a cycle of continuous reboots. Here's the Slashdot story covering the issue. I remember being on vacation when it happened and the sysadmins saying that it caused all sorts of headaches for them.

      McAfee has probably caused more problems for us than actual virus infections as well. Not to mention that it's an evil piece of bloatware that slows down machines horribly. By my estimates upgrading our dual-core machines to quad-core machines should result in up to a 3x performance increase. McAfee continues to peg one core and the other three are free to do something useful. The only thing it's really doing is speeding up the heat-death of the universe.

    6. Re:Um yeah.. by mcgrew · · Score: 2, Interesting

      Well, if it had been Linux that told him it was a trojan Linux would have been wrong, because it was his own program. But since Microsoft really owns all Windows computers (regardless of who paid for them) Windows was right. Keep your nasty programs off of Bill's computer! You can only run what Bill allows you to run.

    7. Re:Um yeah.. by vux984 · · Score: 1

      Well, if it had been Linux that told him it was a trojan Linux would have been wrong, because it was his own program.

      Actually the fact that he compiled or even wrote it himself doesn't at all remove the possibility that it is a trojan.

    8. Re:Um yeah.. by mcgrew · · Score: 1

      It isn't a trojan until it gets in someone else's machine. If you know it's a trojan and you install it anyway, it's no longer a trojan. Suicide isn't murder. A firearm isn't a weapon until it's aimed at a human; a .22 to hunt squirrels is a hunting rifle, although it can still be used as a weapon.

      However, you're right that it could have been meant to be a trojan, and yes, it's possible to trojan a Linux box.

    9. Re:Um yeah.. by Aighearach · · Score: 1

      Let's ask the squirrel about that one.

      Oh, wait.

      I am a squirrel you insensitive clod!

    10. Re:Um yeah.. by vux984 · · Score: 2, Insightful

      It isn't a trojan until it gets in someone else's machine. If you know it's a trojan and you install it anyway, it's no longer a trojan.

      1) Just because he compiled it, doesn't mean he knew it was a trojan. One could download source from the web and compile it, and get a trojan as a result.

      2) Even if he wrote it, it could be the result of a multiple-personality disorder coding against him... :D

      3) I disagree that intent matters. Even if he wrote it himself, knowing full well what it was... I'm not sure I buy the idea that deliberately installing a trojan on purpose makes it any less a trojan.

      Had the king of Troy divined that the Greeks had stashed some soldiers in the 'trojan horse' and he brought it into the city anyway... and then promptly burnt it to the ground. Well... it was still a "trojan horse". Similarly when a security researcher deliberately obtains a trojan to dissect, it is still a trojan.

      A firearm isn't a weapon until it's aimed at a human

      A crossbow aimed at a rabbit is a weapon. A machine gun in a crate is a weapon. A nuclear missile waiting in its silo is a weapon.

      Indeed it would be impossible to build weapons, test weapons, find weapons, or sell weapons if they didn't exist until humans were in the cross hairs -- yet there isn't a person on the face of the earth who would be confused by any of those terms.

  5. Less and less active... by Darkness404 · · Score: 3, Insightful

    It seems like in reality virus/adware/spyware infections are down to very, very low levels.

    It used to be in the late 90s to early-to-mid 2000s there would be people left and right with adware that popped up stuff and computers would grind to a halt. Today, I'm not seeing that on anyone's computer that I've done tech support for. I have seen a bunch of systems grind to a halt due to Norton/McAfee, but none caused by viruses/spyware/adware/etc. The only thing I can think of is that IE7 and beyond stepped up security enough to make a major impact.

    So even though "threat analyzers" pull up scary numbers, I'm not seeing the results in the wild.

    --
    Taxation is legalized theft, no more, no less.
    1. Re:Less and less active... by HungryHobo · · Score: 4, Insightful

      it just means the malware authors have grown up and want a paycheck.
      It used to be that half the viruses were showy things written by amateurs who wanted to fuck around.
      most of the rest were trying to cash in on ad revenue from popups.

      Now there's less money in popups(most of the big ad providers don't like being associated with malware) so the malware just sits quietly trying to steal your credit card number.
      The more stealthy the more successful.

    2. Re:Less and less active... by NJRoadfan · · Score: 1

      Most malware nowadays isn't as "visible" as it once was. A lot of it is bot net clients working in the background or browser redirects. The stuff is a royal PITA to find and remove as well.

      How many of these sites that were flagged as infected really are? Quite a few ad networks have "poisoned" ad banners in rotation that exploit Flash/Acrobat bugs and have malware payload... did any of these sites, that just happened to be showing one of those ads, get counted as infected?

    3. Re:Less and less active... by Anonymous Coward · · Score: 1, Interesting

      If the site serves up an infected ad, the site is infected. Sounds fair to me; if I go to the site, will my computer be attacked? I really don't care if the attack stems from an embedded ad hosted on another server.

    4. Re:Less and less active... by prshaw · · Score: 1

      >> The only thing I can think of is that IE7 and beyond stepped up security enough to make a major impact

      Or maybe, just maybe, Norton/McAfee is actually doing something useful?

    5. Re:Less and less active... by drcheap · · Score: 1

      The only thing I can think of is that IE7 and beyond stepped up security enough to make a major impact.

      mod parent funny

    6. Re:Less and less active... by Anonymous Coward · · Score: 1, Informative

      Ahahahaha. You've gotta be kidding, right? I work at a computer repair shop and we're seeing half a dozen machines a day getting checked in for malware/malicious software infections. Machines running full antivirus, with patched Windows updates. People GO LOOKING for trouble. When you tell them that clicking the "Dislike" button on Facebook is serving up evil JavaScript and it's not real, or just scan their LimeWire folder and watch them cry, the look on their faces is priceless. People are getting owned every freakin' day, it's just that you never see that side of things because you probably run Linux + NoScript in some sandboxed VM or some shit. Malware is fsck'in EVERYWHERE and your average computer user is just chillin' without a clue on the chopping block.

    7. Re:Less and less active... by Anonymous Coward · · Score: 0

      That's mainly because companies like Direct Revenue were shut down. The founders, Alan Murray, Joshua Abram, Daniel Kaufman and Rodney Hook were let off with a slap on the wrist then slithered off into the night. But at least their illegal behavior was stopped.

      Here's all the dirty details:
      http://www.benedelman.org/news/040706-1.html

    8. Re:Less and less active... by Pharmboy · · Score: 1

      I would agree with your assessment. The viral material found on computers is different than 10 years ago, and often the AV catches it in time and just quarantines it, but a quick look at the logs verifies that there is a lot more activity (and profit) in pwning computers today than 10 years ago, as well as more sophisticated methods of serving the malware up.

      --
      Tequila: It's not just for breakfast anymore!
    9. Re:Less and less active... by ls671 · · Score: 1

      > but none caused by viruses/spyware/adware/etc

      can you please tell me where that etc folder is located ?

      I would like to have a look at it to make sure I am safe but I just can't find it.

      Thanks ! ;-)

      myhost:~# ls /viruses/spyware/adware/etc
      ls: /viruses/spyware/adware/etc: No such file or directory
      myhost:~# find / | grep viruses/spyware/adware/etc
      myhost:~#

      --
      Everything I write is lies, read between the lines.
    10. Re:Less and less active... by WuphonsReach · · Score: 1

      It seems like in reality virus/adware/spyware infections are down to very, very low levels.

      No, they're just more subtle. At least the ones that are attempting to build a botnet to use for DDoS, web hosting of illegal or fraudulent content, or as spam zombies.

      But there's also a lot of them that do click-jacking, ad-insertion, or simply misbehave that frankly... even on a patched Windows box, allowing Javascript/Flash to run from every site out there is a bad idea. It's still the primary infection method (and has been for a few years).

      It hasn't gotten better, in fact it's gotten a lot worse over the past 3 years. Used to be, we could keep our machines clean if we were careful where we browsed and kept things patched. That's no longer good enough and I see users constantly getting infected by websites. Not seedy websites either, legit and mainstream websites get hacked or they serve up malicious ads from 3rd party networks (hacked or being paid by hackers to serve the ads). I have at least half a dozen acquaintances who end up infected at least once a quarter - until I have them switch over to Firefox+AdBlock or Firefox+NoScript+FlashBlock.

      Things are proceeding pretty much right along the path I predicted 2-3 years ago. Javascript/Flash are still the primary attack vectors and more and more people are turning it off, or selectively whitelisting. Blacklisting can't keep up. Signatures can't keep up. Heuristics might, but run the risk of enough false positives that users turn it back off. It's going to eventually kill the rich media ads - because nobody is going to be willing to run Javascript/Flash from random 3rd party sites. Or the sites will start hosting the ads locally, and open themselves up to liability lawsuits for hosting malicious content. (Oh joy.) That's going to do a number on a lot of ad-supported community sites that try to survive by serving up ads.

      --
      Wolde you bothe eate your cake, and have your cake?
    11. Re:Less and less active... by Anonymous Coward · · Score: 0

      Well, you obviously do not have much experience in the wild... Malware infection for windows machines is rampant! I work as a support tech and at least 9 out of 10 computers I get for repairs are malware-ridden...

      Websites get infected because stupid webmasters store their passwords in plain text in tools like Filezilla, and the first trojan around leeches everything and voila.

  6. It's ok... by Anonymous Coward · · Score: 0

    Ninety percent of the infections are just on domain parks that nobody really wants to visit.

  7. Malware.. by iONiUM · · Score: 1

    It's like a parasite. It's spreading everywhere. We even use parasitical terms for it (worm, virus, etc). How long until the bulk of the internet becomes supported by this shit? It's kind of sad to see.

    1. Re:Malware.. by Anonymous Coward · · Score: 1, Funny

      Calm down. Take a deep breath. Everything is OK.

    2. Re:Malware.. by Sir_Lewk · · Score: 1

      You say it like this is some sort of recent development... this stuff has been around since at least the 70s. Talked about well before then.

      And how exactly does malware "support the internet"?

      --
      "linux is just DOS with a UNIX like syntax" -- Galactic Dominator (944134)
    3. Re:Malware.. by drcheap · · Score: 1

      And how exactly does malware "support the internet"?

      Yeah, it's more that the internet (or rather the users of it) supports the malware/viruses by being ignorant and clicking on stuff that is blatantly not what it claims to be.

  8. That many? Really? by Drakkenmensch · · Score: 1

    Was this study funded by Symantec? Or possibly McAfee?

  9. I would love to see more data by Ynsats · · Score: 1

    Specifically how many of the sites are pr0n or gambling sites.

  10. how many are SCADA? by bl8n8r · · Score: 1

    ..running stuxnet? That's what I really want to know.

    --
    boycott slashdot February 10th - 17th check out: altSlashdot.org
  11. No wonder by Intron · · Score: 3, Interesting

    Here's what I see when I go to the linked article:

    "Additional plugins are required to display all the media on this page [Install Missing Plugins]"

    The web is no longer a provider of linked information. It is a distributed application, portions of which want to run on my PC.

    --
    Intron: the portion of DNA which expresses nothing useful.
  12. So, CowboyNeal ... by PPH · · Score: 1

    ..., when are you going to allow the tag for Slashdot submissions?

    --
    Have gnu, will travel.
  13. Useless article by erroneus · · Score: 1

    From a "sample" (of unspecified size) they were able to determine that the global internet has at least one million sites infected with malware in Q2?

    I need to see the qualifying data to believe this. I would also like to see a breakdown of what software is being run on various servers. Without these bits of information, this is nothing more than an advertisement.

  14. I don't know about 1 million in Q2 2010, but... by Anonymous Coward · · Score: 0

    "Web anti malware firm Dasient has published data claiming that more than 1 million Web sites were compromised in the second quarter, 2010 - a sharp increase. *In Sean Connery's James Bond voice* Of course they have." - by AnonymousClown (1788472) on Thursday September 16, @12:25PM (#33600940)

    I don't know about THAT, however? Well - I DO know that my personal custom HOSTS file is nearly @ 1 million absolutely unique entries of known bad sites/servers, and it took me nearly 10++ yrs. now to get it to that # no less!

    I populate it from very reputable & reliable sources listed below:

    ----

    http://ddanchev.blogspot.com/
    http://www.malware.com.br/lists.shtml
    http://securitylabs.websense.com/content/alerts.aspx
    http://www.stopbadware.org/
    http://blog.fireeye.com/
    http://mtc.sri.com/
    http://www.scansafe.com/threat_center/threat_alerts
    http://news.netcraft.com/
    http://www.shadowserver.org/
    https://zeustracker.abuse.ch/monitor.php?filter=online
    http://en.wikipedia.org/wiki/Hosts_file
    http://www.mvps.org/
    http://someonewhocares.org/
    http://hostsfile.mine.nu/hosts0
    http://hosts-file.net/?s=Download
    http://www.stopbadware.org/home

    + Spybot "Search & Destroy" IMMUNIZE feature add ons also...

    ----

    In fact, as far as growth this summer alone? It's been more than usual, and last summer last year was the same it seems/iirc too...

    However: Ahem - 1 million++ new known bad sites &/or servers, & in just 1 quarter?

    (Hey, anything's possible, but that's a bit "excessive/steep" imo @ least... still, one never knows! Still, I somehow DOUBT it's that bad out there. Yes, it's bad, but not THAT bad... I don't think so @ least, and I tend to keep pretty steady-eddy tracking of this up (for over 10++ yrs. now @ sites & sources such as those listed above via populating my custom HOSTS file for both added security AND added speed))

    I.E./E.G.-> The # of entries of known bad sites &/or servers in my HOSTS file, which a great deal of came from my sources listed above no less, had grown this year from July 15th 2010 to Sept. 15th 2010 by almost 18,000 entries alone at the tail-end of this summer alone (up to 881,543++ total entries, & gaining typically between 50-250 more each day).

    It's crazy out there now, but it doesn't affect "me or mine", because I cannot be hurt by that which I cannot enter to get hurt by it, such as a bad website that's malscripted or bears a malware, because that's what HOSTS files do, at least part in the way of security (and more for speed such as adbanner blocking (which also helps security too, because many a banner ad has been found with malicious code in it too the past few years now as well), and site IP-to-URL hardcoding): HOSTS files, if done right, can keep you from getting burned in a bogus kitchen, so-to-speak!

    Still - 1 million++ new known bad sites in just 1 quarter this year 2010? I have trouble with that estimation, in believing it to be blunt about it, & yes, I have been looking at this type of data for quite a long time now (over 10++ yrs. in fact, in making a custom HOSTS file to protect vs. this type of lunacy).

    APK

    P.S.=> Since I
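
Added example, not part of the thread and not any commenter's own tooling: one way to merge several hosts-format blocklists into a single deduplicated HOSTS file and measure growth between snapshots, as the comment above describes doing by hand. The feed contents, the allowlist and all function names are constructed for illustration; the sketch assumes only sinkhole mappings (`0.0.0.0`, `127.0.0.1`) should be accepted from third-party feeds, because a line that maps a name to any other address would redirect traffic rather than block it.

```python
import re

# One DNS label: letters, digits, hyphen; no leading or trailing hyphen.
_LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")
SINK_ADDRS = {"0.0.0.0", "127.0.0.1", "::", "::1"}
# Names a blocklist must never override (assumed local defaults).
PROTECTED = {"localhost", "localhost.localdomain", "broadcasthost"}

# Constructed sample feeds; every domain here is a reserved example name.
FEED_A = """\
# feed A
127.0.0.1 localhost
127.0.0.1 ads.bad-example.test
0.0.0.0 Tracker.Bad-Example.test   # mixed case
0.0.0.0 malware.example.invalid
"""
FEED_B = """\
0.0.0.0 ads.bad-example.test
0.0.0.0 malware.example.invalid.
203.0.113.7 login.bank.example
0.0.0.0 -broken-.example
0.0.0.0 cdn.wanted.example
"""

def valid_hostname(name):
    """True for a syntactically valid, dotted hostname."""
    if len(name) > 253 or "." not in name:
        return False
    return all(_LABEL.match(label) for label in name.split("."))

def parse_hosts(text):
    """Yield normalized blocked hostnames from hosts-format text."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        # Reject non-sinkhole mappings: they hijack a name instead of blocking it.
        if fields[0] not in SINK_ADDRS:
            continue
        for name in fields[1:]:
            name = name.lower().rstrip(".")
            if name not in PROTECTED and valid_hostname(name):
                yield name

def merge(feeds, allowlist=()):
    """Union of all feeds, deduplicated, minus locally allowed names."""
    allowed = {a.lower() for a in allowlist}
    merged = set()
    for text in feeds:
        merged.update(n for n in parse_hosts(text) if n not in allowed)
    return merged

def render(names, sink="0.0.0.0"):
    """Emit a sorted hosts file so successive snapshots diff cleanly."""
    return "".join(f"{sink} {n}\n" for n in sorted(names))

def growth(old, new):
    """Entry counts between two snapshots of the merged set."""
    return {"added": len(new - old), "removed": len(old - new), "total": len(new)}

if __name__ == "__main__":
    blocked = merge([FEED_A, FEED_B], allowlist=["cdn.wanted.example"])
    print(render(blocked), end="")
    print(growth(merge([FEED_A]), merge([FEED_A, FEED_B])))
```
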

  15. Rrrrriiiight... by IonOtter · · Score: 1

    Right, okay, fine. Sites like grabbernosepickle, chickendiesel, omniflightboxtops and coldrussianmedicationgirls.com are all infected with malware. Ooooh, scary. I'm quaking in my boots, here.

    Seriously, if the domain is seen in a spam, chances are it's infected. Now, if only we could nuke those idiots who actually click on links in spam...

    --
    [End Of Line]