Google: 10 percent of sites are dangerous

skore on Tue, 2007-05-15 08:29.

Tools & Technology

5 comments

Last week Google published a study called The Ghost in the Browser: Analysis of Web-based Malware (PDF link) to warn users of the increasing threat posed by malicious software that can be downloaded on to their computers while they surf the web.

Quote:

The search giant conducted in-depth research on 4.5 million Web sites and found that about 1 in 10 Web pages could successfully "drive-by download" a Trojan horse virus onto a visitor's computer. Such malicious software potentially enables hackers to access sensitive data stored on the computer or its network, or to install rogue applications.

CNET coverage

In other news, Google is releasing a horror movie this summer with the same title as this report. Look for "The Ghost in the Browser" in a theater near you by August. ;)

Comments

..

lots0 on Tue, 2007-05-15 09:47.

Only 10 percent?

Sounds like a low-ball number to me.

Too high

IncrediBILL on Tue, 2007-05-15 14:09.

I don't think it's possible that 10% of legit domains could be infected otherwise you would see this all over Google's SERPs:

This site may harm your computer.

Maybe my view of the online universe is too narrow and Google is counting all the junk domains and subdomains that the slimeballs crank out by the ton.

However, with that said, they should just flag some massively infested hosts like iPowerWeb for all their domains because they are constantly infected and when one domain is cleaned up another pops right back up and Google doesn't know about it whatsoever.

Check this out:

view-source:http://affordablekarate.com/

See the script at the top of the page and the link to http://81.95.146.98?

It appears the source of the malware at http://81.95.146.98 has been disabled or is broken, but the iPowerWeb server is still filthy with domains that contain the scripts linked to the infected pages and of course Google missed it, or ignored it because the malware source file is temporarily down:

http://www.google.com/search?hl=en&q=affordablekarate.com

And so was this one:

view-source:http://cattocreations.com/
http://www.google.com/search?hl=en&q=cattocreations.com

And all of these are infected but Google doesn't know about it and they're on the same server too...

comunicandonos.net
denchysystems.com
futurepda.com
haninweb.com
lovesincredibleedibles.com
marstontechnical.com
... and on and on... lots of 'em

However, Google did flag this one from that server:
http://www.google.com/search?hl=en&q=caribbeanfeed.com

I'm wondering if Google is removing the interstitial warning now that the referenced malware file isn't currently available, which could be very dangerous if that's the case because the malware guys could just pull the file, wait for a reindex, then put the file back online since all the domains are still infected.

Guess I'll just have to watch this for a bit longer and see how it plays out, but it looks like they may have found a loophole around Google's security checks.

The "study" is trying to

hardball on Tue, 2007-05-15 14:47.

The "study" is trying to hide the truth and shift the blame (standard google stuff).

Here's the REAL deal:

Quote:

Sponsored results contained two to four times as many dangerous sites as organic results.

Quote:

some analysis indicates that search engines make big money selling ads to untrustworthy of sites – many millions of dollars each year.

Safety of Internet Search Engines

Good call, hardball.

John Andrews on Tue, 2007-05-15 16:13.

Good call, hardball.

Adwords is a driveby

hardball on Tue, 2007-05-15 19:33.

Adwords is a driveby paradise:

Quote:

I designed my ad to make it suspect, but even then it was accepted by Google without problem and I got no complaints to date. And many users clicked on it.

Is your PC virus-free? Get it infected here!

I thought this bit was funny:

Quote: