At the USENIX Security Symposium in San Jose on Wednesday, a Google researcher presented a study on the pervasiveness of drive-by-downloads on the Internet, and the findings were unsettling, to say the least. Over a 10-month period last year, researchers analyzed 66 million URLs and detected more than 3 million that tried to automatically install malware on a visitor’s computer. They also found that about 1.3% of Google search queries returned at least one malicious URL.
“Our research has shown Web-based malware is a significant problem. … and there are no good proactive defenses against it,” said Niels Provos, senior staff software engineer in Google’s infrastructure group. The problem is so widespread that even cautious Web surfers can run into malware. While adult websites had twice as many drive-by-downloads, “regular Web users, even if they stay away from the dirty parts of the Internet, have a good chance of running into malicious sites,” he said.
The fundamental problem is insecure Web servers, Provos said. According to the study, attackers often inject new content into a compromised website and hide it with invisible HTML components such as zero-pixel IFrames. In most cases, the injected content redirects a website visitor to a remote site that hosts a script designed to exploit the browser. The researchers counted more than 9,000 malware distribution sites.
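For site operators checking their own pages for the kind of injected, invisible IFrame described above, a minimal audit sketch follows. It is an added example, not code from the study or from Google; the function names, the hiding heuristics and the sample page (including its `.example` hosts) are constructed assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Inline styles that hide an element (assumed heuristics, not exhaustive).
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden"
    r"|(?<![-\w])(?:width|height)\s*:\s*0(?:px)?\s*(?:;|$)", re.I)

def _is_zero(value):
    """True for attribute values such as '0' or '0px'."""
    return value is not None and re.fullmatch(r"\s*0+(?:px)?\s*", value, re.I) is not None

class HiddenIframeFinder(HTMLParser):
    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host.lower()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = dict(attrs)
        hidden = (_is_zero(a.get("width")) or _is_zero(a.get("height"))
                  or bool(HIDDEN_STYLE.search(a.get("style") or "")))
        if not hidden:
            return
        src = a.get("src") or ""
        host = (urlparse(src).hostname or "").lower()
        # A relative src has no host and is treated as same-site.
        remote = bool(host) and host != self.page_host
        self.findings.append({"line": self.getpos()[0], "src": src, "remote": remote})

def find_hidden_iframes(html, page_host):
    """Return one record per invisible <iframe>, flagging off-site sources."""
    finder = HiddenIframeFinder(page_host)
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample page served from shop.example.
SAMPLE = """<html><body>
<h1>Shop</h1>
<iframe src="/widgets/map.html" width="400" height="300"></iframe>
<iframe src="http://distribution.example/x.html" width="0" height="0"></iframe>
<iframe src="//ads.example/frame" style="visibility:hidden"></iframe>
<iframe src="/local/tracker.html" style="width:0;height:0"></iframe>
</body></html>"""
```

Hidden frames with `remote` set deserve review first; a static scan like this does not see frames that scripts add at load time.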
China is a big contributor to the problem, the study showed. Sixty-seven percent of all malware distribution sites were hosted in China; 64% of sites that trigger drive-by-downloads were hosted in China.