In association with heise online

19 February 2008, 14:48

Google reports ever more search results leading to infected web pages

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Many web administrators clearly have problems safeguarding the security of their servers. This is just one conclusion reached by Google in its report, "All Your iFrames Point to Us", the result of examining many billions of URLs. Chinese administrators are particularly sloppy - 64 per cent of all web sites which link to malware are located in China. These were mostly hacked servers running vulnerable software which criminals had been able to exploit to manipulate these servers.

According to statistics from Google, around 38 per cent of all infected servers were running out of date versions of the Apache web server which, according to the version number, contained vulnerabilities. The versions of PHP deployed were also typicall out of date, with 40 per cent of servers running a version with known vulnerabilities. The report doesn't give any information for Microsoft's Internet Information Server. Unpatched web applications such as phpBB2, Invisionboard, and many others, which make it relatively easy for criminals to insert their own content and additional iFrames into HTML pages, were also frequently found. Other studies – such as that from anti-virus software vendor Sophos showing that Linux servers play a significant role in botnets – tend to agree with the findings. Sophos published similar figures for the distribution of infected web pages on the internet in December.

More than one per cent of all search queries on Google deliver at least one URL pointing to a malicious web page. For some time Google has been marking suspicious links with text stating, "This site may harm your computer". In June of last year, by comparing different search engines McAfee concluded that more than three per cent of Google's hits lead to high-risk or malicious web sites. McAfee also included spam and phishing sites, however, which are not included in Google's report.

malicious URLs
The number of hits on Google leading to infected web pages has tripled over the last 10 months.

Between January and October 2007, Google took a closer look at 60 million URLs and found 3 million URLs to malware which were embedded in web pages on more than 180,000 'landing sites'. The risk of being infected is far higher on sites with adult content than on other web sites. The proportion of normally harmless web sites is also increasing as a result of unwanted manipulation. This overturns the received wisdom that only users surfing dubious web sites pick up infections.

The full report, "All Your iFrames Point to Us", can be downloaded as a PDF.


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit