Home > Google, Malware > Google Security: Frightening Statistics On Drive-By Malware Downloads…

Google Security: Frightening Statistics On Drive-By Malware Downloads…

February 12th, 2008 Leave a comment Go to comments

Read a scary report from Google’s security team today titled "All your iFrame Are Point to Us" regarding the evolving trends in search-delivered drive-by malware downloads.  Check out the full post here, but the synopsis follows:

GoogledbmalwareIt has been over a year and a half since we started to identify web pages that infect vulnerable hosts via drive-by downloads,
i.e. web pages that attempt to exploit their visitors by installing and
running malware automatically. During that time we have investigated
billions of URLs and found more than three million unique URLs on over
180,000 web sites automatically installing malware. During the course
of our research, we have investigated not only the prevalence of
drive-by downloads but also how users are being exposed to malware and
how it is being distributed. Our research paper is currently under peer
review, but we are making a technical report [PDF] available now.  Although our technical report contains a lot more detail, we present some high-level findings here:

The
above graph shows the percentage of daily queries that contain at least
one search result labeled as harmful. In the past few months, more than
1% of all search results contained at least one result that we believe
to point to malicious content and the trend seems to be increasing.

Ugh.  The technical report offers some really good background data on infrastructure and methodology,  geographic distribution, properties and delivery mechanisms.  Fascinating reading.

/Hoff

Categories: Google, Malware Tags:
  1. February 19th, 2008 at 03:52 | #1

    Welcome to my world. I have a report coming out in the next month talking about this data from a different perspective. I’m going to reframe the disclosure debate around infected websites.

  1. No trackbacks yet.