Linda Musthaler's CIO-level look at the latest networking technologies and their benefits and pitfalls.
How ironic that Google allows you to initiate a Web search by clicking on a button labeled "I'm Feeling Lucky." The button is supposed to take you to the first Web site that turns up in your search. Instead, it just might take you to malware hell.
In a preliminary report issued by Google in early February (see All Your iFrames Point to Us in the Google blog), researchers reveal the depth of the worldwide malware problem and conclude “the scope of the problem is significant.” This isn’t news if you’ve ever had to clean up the mess left behind after a malware infection. But if you’re feeling fairly confident that you do enough to protect yourself and the other users on your network, this report should open your eyes to the real world, and it’s not pretty.
Over a 10-month period spanning most of 2007, Google researchers conducted in-depth analysis of over 66 million URLs. The study focused on the prevalence of “drive-by downloads” – that is, exploits that use browser vulnerabilities and other techniques to automatically download and run malware when you visit a Web site.
Drive-by downloads represent a shift in the methods used by hackers to invade your systems. Not long ago, wide-scale attacks that took aim at overwhelming computing resources were the preferred game plan. Such attacks use a “push” model. As network tools got better at defending against denial-of-service attacks, the bad guys adopted a “pull” model that has users inadvertently downloading unwanted payloads.
Two “pull” techniques are in wide use today. In one, hackers use social engineering to entice trusting users to perform some action that downloads software carrying a payload, such as clicking on a link to an e-card that turns out to be bogus. Fortunately, end users can be taught to be cautious of such con games.
The second, more ominous method is to automatically deliver the payload when the user lands on a compromised Web page. Worst of all, landing on a malicious site is often completely out of the hands of the Web surfer, as he may actually be taken there without his knowledge.
This is all attributed to a broad and sophisticated malware distribution network. The report describes it like a tree. The outer branches (Web pages, or “landing sites”) draw unsuspecting Web users into a trunk system (Web servers, or “distribution sites”) that is the root distribution point of the malware. Hackers concentrate on finding ways to expand the number of compromised landing sites that then hop users to the distribution sites where the payload gets delivered.
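The landing-site/distribution-site tree described above can be rebuilt from crawl data to see which few trunk hosts sit behind many landing pages. This is an added example, not code from the Google report or this column; the redirect chains, host names and function names are constructed assumptions.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample: each chain is the sequence of URLs a crawler followed,
# from the landing page (first) to the host that served the payload (last).
CHAINS = [
    ["http://blog.example/post1", "http://hop-a.example/r", "http://dist1.example/x"],
    ["http://shop.example/", "http://dist1.example/x"],
    ["http://forum.example/t/9", "http://hop-a.example/r", "http://dist1.example/x"],
    ["http://news.example/a", "http://dist2.example/y"],
    ["http://blog.example/post2", "http://dist1.example/x"],
]

def host(url):
    return urlsplit(url).hostname

def build_tree(chains):
    """Map each distribution host (trunk) to the landing hosts (branches) feeding it."""
    tree = defaultdict(set)
    for chain in chains:
        if len(chain) < 2:
            continue  # no hop observed, so nothing to attribute
        tree[host(chain[-1])].add(host(chain[0]))
    return tree

def rank_distribution_sites(chains):
    """Distribution hosts ordered by how many distinct landing hosts lead to them."""
    tree = build_tree(chains)
    return sorted(((d, len(l)) for d, l in tree.items()),
                  key=lambda pair: (-pair[1], pair[0]))

def coverage(chains, blocked):
    """Fraction of landing hosts whose every observed chain crosses a blocked host."""
    per_landing = defaultdict(list)
    for chain in chains:
        if len(chain) < 2:
            continue
        hops = {host(u) for u in chain[1:]}
        per_landing[host(chain[0])].append(bool(hops & blocked))
    if not per_landing:
        return 0.0
    covered = sum(all(hits) for hits in per_landing.values())
    return covered / len(per_landing)

if __name__ == "__main__":
    for dist, count in rank_distribution_sites(CHAINS):
        print(f"{dist}: {count} landing hosts")
    print("coverage if dist1.example is blocked:",
          coverage(CHAINS, {"dist1.example"}))
```

In this sample, filtering the single trunk host protects visitors to three of the four landing hosts, while filtering only the intermediate hop misses every chain that goes straight to the distribution site.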
Linda Musthaler is a principal analyst with Essential Solutions Corporation.