Skip Links

Network World

  • Social Web 
  • Email 
  • Close

(Comma separation for multiple addresses)
Your Message:

Google says the scope of drive-by malware is 'significant'

Google report reveals the depth of the worldwide malware problem
IT Best Practices Alert By Linda Musthaler , Network World , 03/03/2008
Musthaler
Sign up for this newsletter now!

Linda Musthaler's CIO-level look at the latest networking technologies and their benefits and pitfalls.

  • Share/Email
  • Tweet This
  • Comment
  • Print

How ironic that Google allows you to initiate a Web search by clicking on a button labeled "I'm Feeling Lucky." The button is supposed to take you to the first Web site that turns up in your search. Instead, it just might take you to malware hell.

In a preliminary report issued by Google in early February (see All Your iFrames Point to Us in the Google blog), researchers reveal the depth of the worldwide malware problem and conclude “the scope of the problem is significant.” This isn’t news if you’ve ever have to clean up the mess left behind after a malware infection. But if you’re feeling fairly confident that you do enough to protect yourself and the other users on your network, this report should open your eyes to the real world, and it’s not pretty.

Over a 10 month period spanning most of 2007, Google researchers conducted in-depth analysis of over 66 million URLs. The study focused on the prevalence of “drive-by downloads” – that is, exploits that use browser vulnerabilities and other techniques to automatically download and run malware when you visit a Web site.

Drive-by downloads represent a shift in the methods used by hackers to invade your systems. Not long ago, wide-scale attacks that took aim at overwhelming computing resources were the preferred game plan. Such attacks use a “push” model. As network tools got better at defending against denial-of-service attacks, the bad guys adopted a “pull” model that has users inadvertently downloading unwanted payloads.

Two “pull” techniques are in wide use today. In one, hackers use social engineering to entice trusting users to perform some action that downloads software carrying a payload. For example, clicking on a link to an e-card that turns out to be bogus. Fortunately, end users can be taught to be cautious of such con games.

The second, more ominous method is to automatically deliver the payload when the user lands on a compromised Web page. Worst of all is that landing on a malicious site is often completely out of the hands of the Web surfer, as he may actually be taken there without his knowledge.

This is all attributed to a broad and sophisticated malware distribution network. The report describes it like a tree. The outer branches (Web pages, or “landing sites”) draw unsuspecting Web users into a trunk system (Web servers, or “distribution sites”) that are the root distribution points of the malware. Hackers concentrate on finding ways to expand the number of compromised landing sites that then hop users to the distribution sites where the payload gets delivered.

Linda Musthaler is a principal analyst with Essential Solutions Corporation.

  • Share/Email
  • Tweet This
  • Comment
  • Print
Comment
Login
Forgot your account info?
Add comment
Anonymous comments subject to approval. Register here for member benefits.
Have a NetworkWorld account? Log in here. Register now for a free account.

Videos

rssRss Feed