Slashdot Mirror


One Million Sites Infected With Malware In Q2

Trailrunner7 writes "More than one million Web domains were infected with malicious code in the second quarter of 2010 — around one percent of all active Web domains, according to new data. The number of infected domains was extrapolated from data gained through a sample scan of what Dasient describes as 'millions of Web sites,' as well as from customer deployments. It suggests that compromises of Web sites are on the rise, as attackers look to push out malicious programs through so-called drive by download attacks."


  1. Of course you have. by AnonymousClown · · Score: 3, Funny

    Web anti malware firm Dasient has published data claiming that more than 1 million Web sites were compromised in the second quarter, 2010 - a sharp increase.

    *In Sean Connery's James Bond voice* Of course they have.

    --
    RIP America

    July 4, 1776 - September 11, 2001

    1. Re:Of course you have. by camperslo · · Score: 1

      It's been a busy year for malware with many recent reports of issues.

      GData Software, a German anti-virus firm, reports "Malware for Windows the undisputed number 1
      Windows users are still the number one target: 99.4 percent of all new malware of the first half of this year was written for Microsoft's operating system. The other 0.6% targeted systems that contain e.g. Unix or Java technologies." That .6 % includes phones.
      Of the 1,017,208 new malware programs, over a million target Windows.

  2. *domains* infected? What? by Kaz+Kylheku · · Score: 5, Insightful

    A domain is a node in the DNS namespace. How does that get infected?

    If a web server hosts 20 domains, and is infected, does that count as 20 infections?

    "Web site", "domain" and "host" are not interchangeable.

  3. Um yeah.. by DrgnDancer · · Score: 4, Funny

    The only Malware we were infected by in Q2 was McAfee. It decided a few critical systems files were viruses and shut us down for hours. Stupid Malware creators.

    --
    I don't need a million points of light, just two points of multi-mode fiber and a 10 Gig-E router.
    1. Re:Um yeah.. by Ironhandx · · Score: 2, Funny

      Windows 7 decided that an executable that I had on my computer (that I myself had just compiled) was a trojan and overreacted so hard that it fragged explorer.

      Fun times for all!

    2. Re:Um yeah.. by vux984 · · Score: 2, Insightful

      Windows 7 decided that an executable that I had on my computer (that I myself had just compiled) was a trojan...

      I'm curious why you think Windows 7 was wrong? ;)

    3. Re:Um yeah.. by Anonymous Coward · · Score: 1, Funny

      Ummm, Windows 7 can't decide anything is a trojan. Your antivirus software may have, which may happen to be Microsoft Antivirus, but that is no more Windows 7 than Word is. Also, as a dev you should know better than to real time scan your dev directories, that kind of shit happens.

    4. Re:Um yeah.. by Anonymous Coward · · Score: 1, Funny

      Ummm, Windows 7 can't decide anything is a trojan. Your antivirus software may have, which may happen to be Microsoft Antivirus, but that is no more Windows 7 than Word is. Also, as a dev you should know better than to real time scan your dev directories, that kind of shit happens.

      No, it was Windows7AntiVirus 2011. Even after I paid $30 it wouldn't clean it. And they charged my credit card twice! At least it runs better than XPAntivirus 2010 did on Windows 7.

      All kidding aside, Microsoft Security Essentials is a good program.

    5. Re:Um yeah.. by alvinrod · · Score: 1

      This was modded funny, but he's not actually joking. McAfee did have this problem that caused a machine to go into a cycle of continuous reboots. Here's the Slashdot story covering the issue. I remember being on vacation when it happened and the sysadmins saying that it caused all sorts of headaches for them.

      McAfee has probably caused more problems for us than actual virus infections as well. Not to mention that it's an evil piece of bloatware that slows down machines horribly. By my estimates upgrading our dual-core machines to quad-core machines should result in up to a 3x performance increase. McAfee continues to peg one core and the other three are free to do something useful. The only thing it's really doing is speeding up the heat-death of the universe.

    6. Re:Um yeah.. by mcgrew · · Score: 2, Interesting

      Well, if it had been Linux that told him it was a trojan Linux would have been wrong, because it was his own program. But since Microsoft really owns all Windows computers (regardless of who paid for them) Windows was right. Keep your nasty programs off of Bill's computer! You can only run what Bill allows you to run.

    7. Re:Um yeah.. by vux984 · · Score: 1

      Well, if it had been Linux that told him it was a trojan Linux would have been wrong, because it was his own program.

      Actually the fact that he compiled or even wrote it himself doesn't at all remove the possibility that it is a trojan.

    8. Re:Um yeah.. by mcgrew · · Score: 1

      It isn't a trojan until it gets in someone else's machine. If you know it's a trojan and you install it anyway, it's no longer a trojan. Suicide isn't murder. A firearm isn't a weapon until it's aimed at a human; a .22 to hunt squirrels is a hunting rifle, although it can still be used as a weapon.

      However, you're right that it could have been meant to be a trojan, and yes, it's possible to trojan a Linux box.

    9. Re:Um yeah.. by Aighearach · · Score: 1

      Let's ask the squirrel about that one.

      Oh, wait.

      I am a squirrel you insensitive clod!

    10. Re:Um yeah.. by vux984 · · Score: 2, Insightful

      It isn't a trojan until it gets in someone else's machine. If you know it's a trojan and you install it anyway, it's no longer a trojan.

      1) Just because he compiled it, doesn't mean he knew it was a trojan. One could download source from the web and compile it, and get a trojan as a result.

      2) Even if he wrote it, it could be the result of a multiple-personality disorder coding against him... :D

      3) I disagree that intent matters. Even if he wrote it himself, knowing full well what it was... I'm not sure I buy the idea that deliberately installing a trojan on purpose makes it any less a trojan.

      Had the king of Troy divined that the Greeks had stashed some soldiers in the 'trojan horse' and he brought it into the city anyway... and then promptly burnt it to the ground. Well... it was still a "trojan horse". Similarly when a security researcher deliberately obtains a trojan to dissect, it is still a trojan.

      A firearm isn't a weapon until it's aimed at a human

      A crossbow aimed at a rabbit is a weapon. A machine gun in a crate is a weapon. A nuclear missile waiting in its silo is a weapon.

      Indeed it would be impossible to build weapons, test weapons, find weapons, or sell weapons if they didn't exist until humans were in the cross hairs -- yet there isn't a person on the face of the earth who would be confused by any of those terms.

  4. Less and less active... by Darkness404 · · Score: 3, Insightful

    It seems like in reality virus/adware/spyware infections are down to very, very low levels.

    It used to be in the late 90s to early-to-mid 2000s there would be people left and right with adware that popped up stuff and computers would grind to a halt. Today, I'm not seeing that on anyone's computer that I've done tech support for. I have seen a bunch of systems grind to a halt due to Norton/McAfee, but none caused by viruses/spyware/adware/etc. The only thing I can think of is that IE7 and beyond stepped up security enough to make a major impact.

    So even though "threat analyzers" pull up scary numbers, I'm not seeing the results in the wild.

    --
    Taxation is legalized theft, no more, no less.
    1. Re:Less and less active... by HungryHobo · · Score: 4, Insightful

      it just means the malware authors have grown up and want a paycheck.
      It used to be that half the viruses were showy things written by amateurs who wanted to fuck around.
      most of the rest were trying to cash in on ad revenue from popups.

      Now there's less money in popups (most of the big ad providers don't like being associated with malware) so the malware just sits quietly trying to steal your credit card number.
      The more stealthy the more successful.

    2. Re:Less and less active... by NJRoadfan · · Score: 1

      Most malware nowadays isn't as "visible" as it once was. A lot of it is bot net clients working in the background or browser redirects. The stuff is a royal PITA to find and remove as well.

      How many of these sites that were flagged as infected really are? Quite a few ad networks have "poisoned" ad banners in rotation that exploit Flash/Acrobat bugs and have malware payload... did any of these sites, that just happened to be showing one of those ads, get counted as infected?

    3. Re:Less and less active... by Anonymous Coward · · Score: 1, Interesting

      If the site serves up an infected ad, the site is infected. Sounds fair to me; if I go to the site, will my computer be attacked? I really don't care if the attack stems from an embedded ad hosted on another server.

    4. Re:Less and less active... by prshaw · · Score: 1

      >> The only thing I can think of is that IE7 and beyond stepped up security enough to make a major impact

      Or maybe, just maybe, Norton/McAfee is actually doing something useful?

    5. Re:Less and less active... by drcheap · · Score: 1

      The only thing I can think of is that IE7 and beyond stepped up security enough to make a major impact.

      mod parent funny

    6. Re:Less and less active... by Anonymous Coward · · Score: 1, Informative

      Ahahahaha. You've gotta be kidding, right? I work at a computer repair shop and we're seeing half a dozen machines a day getting checked in for malware/malicious software infections. Machines running full antivirus, with patched Windows updates. People GO LOOKING for trouble. When you tell them that clicking the "Dislike" button on Facebook is serving up evil JavaScript and it's not real, or just scan their LimeWire folder and watch them cry, the look on their faces is priceless. People are getting owned every freakin' day, it's just that you never see that side of things because you probably run Linux + NoScript in some sandboxed VM or some shit. Malware is fsck'in EVERYWHERE and your average computer user is just chillin' without a clue on the chopping block.

    7. Re:Less and less active... by Pharmboy · · Score: 1

      I would agree with your assessment. The viral material found on computers is different than 10 years ago, and often the AV catches it in time and just quarantines it, but a quick look at the logs verifies that there is a lot more activity (and profit) in pwning computers today than 10 years ago, as well as more sophisticated methods of serving the malware up.

      --
      Tequila: It's not just for breakfast anymore!
    8. Re:Less and less active... by ls671 · · Score: 1

      > but none caused by viruses/spyware/adware/etc

      can you please tell me where that etc folder is located ?

      I would like to have a look at it to make sure I am safe but I just can't find it.

      Thanks ! ;-)

      myhost:~# ls /viruses/spyware/adware/etc
      ls: /viruses/spyware/adware/etc: No such file or directory
      myhost:~# find / | grep viruses/spyware/adware/etc
      myhost:~#

      --
      Everything I write is lies, read between the lines.
    9. Re:Less and less active... by WuphonsReach · · Score: 1

      It seems like in reality virus/adware/spyware infections are down to very, very low levels.

      No, they're just more subtle. At least the ones that are attempting to build a botnet to use for DDoS, web hosting of illegal or fraudulent content, or as spam zombies.

      But there's also a lot of them that do click-jacking, ad-insertion, or simply misbehave that frankly... even on a patched Windows box, allowing Javascript/Flash to run from every site out there is a bad idea. It's still the primary infection method (and has been for a few years).

      It hasn't gotten better, in fact it's gotten a lot worse over the past 3 years. Used to be, we could keep our machines clean if we were careful where we browsed and kept things patched. That's no longer good enough and I see users constantly getting infected by websites. Not seedy websites either, legit and mainstream websites get hacked or they serve up malicious ads from 3rd party networks (hacked or being paid by hackers to serve the ads). I have at least half a dozen acquaintances who end up infected at least once a quarter - until I have them switch over to Firefox+AdBlock or Firefox+NoScript+FlashBlock.

      Things are proceeding pretty much right along the path I predicted 2-3 years ago. Javascript/Flash are still the primary attack vectors and more and more people are turning it off, or selectively whitelisting. Blacklisting can't keep up. Signatures can't keep up. Heuristics might, but run the risk of enough false positives that users turn it back off. It's going to eventually kill the rich media ads - because nobody is going to be willing to run Javascript/Flash from random 3rd party sites. Or the sites will start hosting the ads locally, and open themselves up to liability lawsuits for hosting malicious content. (Oh joy.) That's going to do a number on a lot of ad-supported community sites that try to survive by serving up ads.

      --
      Wolde you bothe eate your cake, and have your cake?
  5. Malware.. by iONiUM · · Score: 1

    It's like a parasite. It's spreading everywhere. We even use parasitical terms for it (worm, virus, etc). How long until the bulk of the internet becomes supported by this shit? It's kind of sad to see.

    1. Re:Malware.. by Anonymous Coward · · Score: 1, Funny

      Calm down. Take a deep breath. Everything is OK.

    2. Re:Malware.. by Sir_Lewk · · Score: 1

      You say it like this is some sort of recent development... this stuff has been around since at least the 70s. Talked about well before then.

      And how exactly does malware "support the internet"?

      --
      "linux is just DOS with a UNIX like syntax" -- Galactic Dominator (944134)
    3. Re:Malware.. by drcheap · · Score: 1

      And how exactly does malware "support the internet"?

      Yeah, it's more that the internet (or rather the users of it) supports the malware/viruses by being ignorant and clicking on stuff that is blatantly not what it claims to be.

  6. That many? Really? by Drakkenmensch · · Score: 1

    Was this study funded by Symantec? Or possibly McAfee?

  7. I would love to see more data by Ynsats · · Score: 1

    Specifically how many of the sites are pr0n or gambling sites.

  8. how many are SCADA? by bl8n8r · · Score: 1

    ..running stuxnet? That's what I really want to know.

    --
    boycott slashdot February 10th - 17th check out: altSlashdot.org
  9. No wonder by Intron · · Score: 3, Interesting

    Here's what I see when I go to the linked article:

    "Additional plugins are required to display all the media on this page [Install Missing Plugins]"

    The web is no longer a provider of linked information. It is a distributed application, portions of which want to run on my PC.

    --
    Intron: the portion of DNA which expresses nothing useful.
  10. So, CowboyNeal ... by PPH · · Score: 1

    ..., when are you going to allow the tag for Slashdot submissions?

    --
    Have gnu, will travel.
  11. Useless article by erroneus · · Score: 1

    From a "sample" (of unspecified size) they were able to determine that the global internet has at least one million sites infected with malware in Q2?

    I need to see the qualifying data to believe this. I would also like to see a breakdown of what software is being run on various servers. Without these bits of information, this is nothing more than an advertisement.

  12. Rrrrriiiight... by IonOtter · · Score: 1

    Right, okay, fine. Sites like grabbernosepickle, chickendiesel, omniflightboxtops and coldrussianmedicationgirls.com are all infected with malware. Ooooh, scary. I'm quaking in my boots, here.

    Seriously, if the domain is seen in a spam, chances are it's infected. Now, if only we could nuke those idiots who actually click on links in spam...

    --
    [End Of Line]