Last Tuesday, Google published a report stating that web browsing and searching are increasingly becoming risky. Google for a year and a half now has been identifying web pages that infect vulnerable hosts via drive-by downloads, i.e. web pages that attempt to exploit their visitors by installing and running malware automatically.
“In the past few months, more than 1% of all search results contained at least one result that we believe to point to malicious content and the trend seems to be increasing,” said Niels Provos, a security engineer at Google. Further, Provos added that in its year and a half study, Google has found more than 3 million unique URLs on more than 180,000 Web sites attempting to install malware on visitors’ computers.
Provos co-authored a technical paper, “All Your IFRAMEs Point To Us,” with Panayiotis Mavrommatis, a Google colleague, and two Johns Hopkins University computer scientists, Moheeb Abu Rajab and Fabian Monrose. The paper describes the increasing impact of “drive-by downloads,” the exploitation of Web browser vulnerabilities to download and run malware automatically on the computers of Web site visitors.
The report finds that among the servers distributing malware, 38.1% of Apache servers and 39.9% of servers with PHP scripting support were older versions with known security vulnerabilities. Provos and his co-authors said they could not verify the versions of infected Microsoft IIS severs. Overall, more than twice as many Microsoft IIS servers (113,905) were distributing malware as Apache servers (55,088), according to the report.
Though we surely have a better understanding of the problem, still the question for an apt solution is no where in sight.
