Net's Malware Infection: Growing by 5,000 Sites per Day
May 18, 2007 4:00 AM PT
With e-mail's value as a malware delivery agent on the decline, writers of malicious software have boosted their efforts to infect Web sites with their nasty payloads.
Thousands of malicious Web sites are created on a daily basis to steal information from unsuspecting visitors or plant insidious software on their computers without their knowledge, according to security experts interviewed by TechNewsWorld.
On average, 5,000 new malicious Web sites are created daily on the Internet, estimated Ron O'Brien, a senior security analyst in the Burlington, Mass., offices of Sophos, an international network security company. That number hit a peak of 8,000 in April, he added.
Infected E-Mails Dropping
In the past, malware mongers could count on e-mail attachments to deliver their electronic effluent to their victims, O'Brien explained, but as users became wiser to the ways of the spam artists, that method's virility shriveled.
A year ago, he recalled, one out of every 40 e-mails traveling through the Internet contained a virus; now that number is one in 300.
"The malware writers, in order to increase their rate of success, have taken to putting URLs in their spam because you're much more likely to click on a link to a Web site than you are to click on an attachment," he explained.
"So as a method of delivery," he added, "e-mail infected with viruses are down, but it has been replaced by e-mails that contain links to Web sites that are hosting malicious content."
The 10 Percent Problem
Just how pervasive the problem has become was revealed in a study released at the HotBots conference held in Cambridge, Mass., last month.
One out of every 10 sites on the Web, the research found, is infected with "drive-by" malware -- malware that automatically installs itself on a computer when it visits a site. The study was conducted by Google researchers Niels Provos, Dean McNamee, Panayiotis Mavrommatis, Ke Wang and Nagendra Modadugu.
Of some 4.5 million URLs analyzed by the researchers, about 450,000, or 10 percent, were engaging in drive-by downloads.
While the number of infected Web sites is high, that doesn't mean Net surfers should put their surfboards in the closet, asserted Randy Abrams, director of technical education at antivirus software maker ESET in San Diego, Calif.
"That one-out-of-10 doesn't mean one out of 10 sites that the average user is likely to encounter," he explained. "Oftentimes, the only way you're going to find one of these sites is by clicking a link in a spam or getting redirected from a questionable Web site.
"If the only way you can get to a site is by clicking a link in a spam for Viagra," he argued, "people with spam blocking never see that, people who delete their spam never see that, so there's a ton of sites with malicious code on them that most people are never going to see.
"There's a definite hype factor in that 10 percent number," he added.
However, he acknowledged that malicious Web sites can be a huge headache when they're linked to high-traffic sites, like the Super Bowl Web site.
Show Me the Money
It shouldn't be surprising that information highwaymen are turning to infected Web sites as distribution points for their banditry, observed David Marcus, security research and communications manager for McAfee Avert Labs.
"Most people start off their computer usage in some way, shape or form with a Google search or some kind of Internet session," he explained.
"They're doing more research online, they're doing more searching online, they're doing more transactional buying online," he continued. "When you consider that, it only makes sense for the malware writer to leverage that kind of behavior to push out their malware.
"Malware follows money," he added, "and where there's money to be made or transactions, credit card numbers or identities to be stolen, there's going to be malware."