One in 10 webpages scrutinized by Google were laced with malware

At least one in 10 suspicious-looking webpages studied by Google were indeed booby-trapped with malware, according to the web giant. A five-strong Google research team found that 450,000 pages, out of a sample of 4.5 million dodgy pages that deserved a closer look, contained scripts to install malicious code, such as Trojans …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward

    What types of sites were these?

    I don't think 1 in 10 of the pages I visit are infected - but then again, I pretty much stick to my web-based mail programs, CNN and eBay. I wish this article had mentioned what kind of content most of the infected pages contained - betcha it's porn, games and MySpace-type stuff. In any case, always best to keep the anti-virus software updated!

  2. Dale Reese

    RTFA - 1 in 10 of *suspicious* pages???

    The pages analyzed were selected specifically, *not* as a random sample, from several billion web pages that exhibited suspicious behavior.

    Yes, 10% of the 4.5 million (450,000) analyzed in detail were bogus, but a more accurate statistic is: >2G/450K, or about 0.02% (or less) of the web pages Google sampled.

  3. Joe K

    More of a browser issue surely?

    Maybe the title should be "1 in 10 sites designed to exploit the billions of holes in Internet Explorer".

    I've been using Opera for 6 years and refuse point-blank to ever use IE, subsequent scans with Ad-aware and other malware detectors regularly find sod-all.

    Just one of the benefits of using a program that's designed to just render HTML and that, instead of being a door onto your whole system.

  4. Anonymous Coward

    How to fix

    1. Stop using Internet Explorer

    2. Stop using JavaScript and Flash, except maybe on very trusted sites (would you let just anyone run arbitrary code on your machine?)

    3. Don't ever download plugins from whence you know not where they came.

    4. Stop using Internet Explorer (worth mentioning twice)

    5. Stop using Windows

    6. Install Linux or get a Mac

  5. Ed Mozley

    Presumably...

    ...it would not be difficult to write something so that when you visit a website the code is downloaded into an area where it can be scanned using the same criteria that the Google researchers used. Maybe the Google toolbar could put itself between the browser and the webserver to do this very task.

  6. Alex

    Why?

    I agree with Joe K! When viruses and malware are 99.9999% Windows/Internet Explorer related security issues, why are they not called as such? Why tie the whole industry to the appalling security reputation of Microsoft? Neither Linux nor OSX nor any browser apart from Explorer have problems (or anything like the number of problems) ... so why is a generic term like "malware" misapplied in this case? Windows is garbage, the use of the word "malware" simply covers this fact up.

  7. Anonymous Coward

    Can you say "number bloat"?

    "Results 1 - 10 of about 450,000 for malware [definition]. (0.04 seconds)"

    450,000 dangerous pages of 4.5 million suspicious pages of some billions of normal pages. Now tell me, just how many unique IPs are there in these results? I'd be willing to bet not many, and I bet the majority come from only a few, specific countries...

    Now maybe if Google did something productive with this information, like building an IP black list that ISPs could use to screen traffic to known dangerous servers, but I can't see that happening any time soon given their opinion on the "grand will of the interweb".

  8. Webster Phreaky

    Oh B S! Unless You count the INTEL Flash Ads

    Google is full of shit, granted half of the Internet is Porn sites and many have insidious multiple pop-ups and cascading windows or even some with bogus installers with spyware or worse (who's stupid enough to click on those .exe files?); but 1 in 10 is pure bullshit.

    UNLESS you include the Malware like the obnoxious INTEL doggy ads on THE REGISTER that slow down your surfing and the equally horrendous Flash Drop Windows that fill Yahoo home pages!!

    If so, then THE REGISTER is a huge purveyor of MALWARE!

  9. Anonymous Coward

    Annoying Flash ads

    >>UNLESS you include the Malware like the obnoxious INTEL doggy ads<<

    I found that flash ads seriously slowed downloading, and in some cases, if I loaded up too many pages, caused my browser (firefox) to crash. And the ads that seem to resize without asking were highly distracting.

    I then installed a plug-in called FlashBlock. No more worries. And somehow I think the advertisers benefit as well - I know I'm not going to buy anything from a company with annoying 'look-at-me' ads, unless I am forced to. Now that I don't see them, they are more likely to get my custom.

    The cool thing about FlashBlock is you can still play the Flash files if you want to, they just don't load and play automatically. So sites like YouTube are still useable.

  10. James Penketh

    Protecting against Malware is simple:

    1. Get Firefox

    2. Install AdBlock Plus

    3. Install NoScript

    4. Stop clicking on adverts.

    5. Stop running as Administrator

    Or...

    1. Install Linux with Firefox

    2. Install AdBlock Plus

    3. Install NoScript.

    4. Relax

  11. David Dorey

    Goog can do it if they try,

    ofc I have Firefox and Adblocker, but I don’t spose Google would be kind enough to point out pages it knows to be mal? I have stumbleupon installed and I see lots of additional info when I search Goog.

    A skull and cross bones icon next to the URL will do me fine. IANAL tho, but I know one who says you can't do that even if you know the URL is mal. There must be a solution in my rant somewhere that adds value to Stumble and deflects liability to the person who thumbs up the skull and cross bones ;0?

  12. David Farinic

    WebMonitor4

    Maybe it's time for users/surfers to acknowledge download executable or other potentially dangerous file formats download same way as Vista does when user starts application.

    We are using Gfi WebMonitor4 which on gateway detects payload hidden in http and asks user for interaction if executable is detected.

    Administrator on gateway can select which file types and sites are OK same way as firewalls are enabling ports.

    Vista’s problem is that approving is not customizable so attacker can copycat it and trick user to click on such approval but I guess this would be tackled when first such exploits will be found in future.

    IMHO this without any AV will catch ~60% of all web based exploits ... wouldn't catch 0 day exploits, which contain malicious payload directly in exploit

    Hey but my comment is biased so take it with care ;)

  13. Guy

    A better solution

    The simple way to get Google to block these pages is to move to China, here they will block "harmful content" at the request of the government. So move to Beijing and petition the government to protect you from harm from the nasty people on the internet. Instantly Google will block these blighters from getting anywhere near your pirated version of Windows and you can continue downloading Spiderman 3.

  14. nick hilliard

    One in ten pages? I don't think so

    Mercy me, you've really outdone yourselves this time.

    http://www.foobar.org/blog/why-one-in-ten-web-pages-are-not-laced-with-malware

  15. davebarnes

    Useless

    Useless article.

    Without providing some examples of these sites so we can verify for ourselves, the article is useless.
