The number of Web sites hosting malicious software, either intentionally or unwittingly, is rising rapidly, according to statistics to be released on Tuesday from Dasient.
More than 640,000 Web sites and about 5.8 million pages are infected with malware, according to Dasient, which was founded by former Googlers to offer services to help Web sites stay malware-free and off blacklists.
That figure for infected pages is nearly double what Microsoft estimated in a report in April.
Meanwhile, the Google blacklist of malware infected sites has more than doubled in the last year, registering as many as 40,000 new sites in one week.
Dasient identified more than 52,000 Web-based malware infections, bringing the total to more than 72,000 unique infections logged by the company since it launched its malware analysis platform early this year.
Infections on newly compromised sites that have 10 pages or more spread to nearly one quarter of the pages on the site, on average. Nearly 40 percent of the infected sites were later reinfected.
Most of the malware infections are accomplished by JavaScript and iFrames being injected into legitimate sites, accounting for nearly 55 percent and 37 percent respectively, said Dasient co-founder Neil Daswani.
The statistics illustrate the growing trend of attackers targeting browsers and Web applications with SQL injections, cross-site scripting and other attacks that can lead to drive-by downloads. Infections can come from anywhere on a site, including widgets and ads.
Dasient will be providing a top 10 list of Web-based malware attacks for each week and other trend information, as well as publishing information about new infections via a Twitter feed.
Dasient is sharing information on the top Web-based malware infections with Web site owners.
(Credit: Dasient)
Dasient founders Neil Daswani, Ameet Ranadive, and Shariq Rizvi
(Credit: Elinor Mills/CNET)Last week, PBWorks founder David Weekly found out from some customers that his hosted collaboration site had been blacklisted by Symantec for hosting malware and, thus, visitors to any of the 10 million pages on PBWorks were being warned that the site wasn't safe.
"(Damn) you, Norton Safe Web. Whenever one file on one PBWorks space has a virus, all of PBworks is marked unsafe?!" a frustrated Weekly wrote on Twitter and Facebook on Thursday. In a follow-up interview, he said: "That's tarnishing our brand. It's not legitimate to basically poison the whole domain and all of its sub-domains."
The problem is not unique to PBWorks; many legitimate sites find themselves on the malware blacklists of services from security software firms, search engines, and browser makers every day. However, the problem is exacerbated for sites like PBWorks where most or all of the content is customer-created and not in the control of the hosting provider. Because one student uploaded a Word file with a virus in it to a PBWorks homework assignment space, all of the 850,000 spaces on the site were penalized.
Now there is help for sites that find themselves on malware blacklists, courtesy of two former Googlers who founded start-up Dasient, which is launching anti-malware services.
On Tuesday, Dasient comes out of stealth mode to offer a public beta of its free blacklist alert service and a fee-based service for monitoring Web sites for malware to keep them from getting blacklisted in the first place. With prices starting at $50 a month, the monitoring service will identify what parts of a site are infected with malware, exactly what code is suspect, and recommend actions to take.
Dasient also is launching a private beta test of what will be a fee-based service that automatically quarantines malicious code found on a Web site while still allowing the site, and even the page that was hosting it, to remain accessible. Two of Dasient's three co-founders have the Google DNA, which helped nab funding and should help in many other ways.
Co-founder Neil Daswani got his doctorate in computer science from Stanford, was a product manager on the security team at Google and lead author on "Foundations of Security: What Every Programmer Needs To Know," a Web application development book that is a standard text used at Google. Daswani helped defend Google's vast networks against malware, botnets, click fraud, and other threats for the three years he worked there.
Shariq Rizvi worked at Google for three years as a software engineer on the Web server team, which is the front end to the search engine, and on the Google AppEngine team. The third co-founder, Ameet Ranadive, were early employees at online personal financial services company Yodlee with Daswani and worked as a hardware engineer at HP before that.
Dasient raised $2 million from investors in October in a seed round led by Stratton Sclavos, former chief executive of security firm VeriSign who is now a venture capitalist at Radar Partners. Other investors were Mike Maples, who has invested in Twitter, and Eric Benhamou, former 3Com and Palm chief executive.
Attacks on browsers, apps increasingly common
More and more security threats are targeting browsers and Web applications, using SQL injections, cross-site scripting and other attacks that can lead to drive-by downloads, for instance.
The attacks also are coming increasingly from trusted and reputable sites. As much as 80 percent of sites hosting malware are legitimate, according to antivirus vendor Sophos). There are even worms like Gumblar that automate the stealing of FTP (File Transfer Protocol) credentials so attackers can compromise Web sites.
As a result of all of this, the market Dasient is targeting is under-served and ripe, Sclavos said.
"This is one of those areas where the pain is very high but the knowledge (among Web site owners) about what to do about it is very low," he said. "It's a relatively new space and the attacks are very sophisticated."
At Google, the founders were used to deploying software and addressing security on a large scale. "We need to be able to operate at Web scale and Web speed in order to provide these automated services," said Ranadive.
Just like when Web sites lose their ranking in Google's search results, sites can lose business and suffer damage to their reputation when they end up on malware blacklists.
Dasient will be targeting Web site owners as well as Internet Service providers and Web hosters. One possible customer is Consolidated Communications, a Web hoster and Web site developer that served as an alpha tester for Dasient after a customer (a nonprofit started by Fred Rogers of Mr. Rogers TV fame) was found to be blacklisted.
"We've seen this happen with a number of sites but not a site on that order and we thought we really should act proactively to help our customers guard against future intrusions," said Tim Sweet, Web services manager at Consolidated Communications. "So, if there is a service we can deliver as an add-on to (customers') hosting service we think they would appreciate it and probably pay for it as well.
"How many of us would fire up a computer without virus protection? It's unthinkable," Sweet added. "So, I see a day coming where we'll treat malware intrusion the same way with our Web sites."
Weekly of PBWorks now has plans to implement server software that checks uploaded files for malware. Any security for the private work spaces that PBWorks hosts would have to be handled in-house, he added.
The Dasient founders hope to share data with the StopBadware.org organization, coordinated by Harvard Law School's Berkman Center for Internet & Society. StopBadware.org, meanwhile, is looking to eventually launch a blacklist alert service of its own one day, according to Maxim Weinstein, manager of the organization.
"I think this idea of more proactive monitoring of sites is a good one. This is an important step for site owners to be able to figure out what's going on with their sites," said Weinstein, who added that his group does not endorse or evaluate specific products or services.
"But, realistically, I think it may be difficult convincing Web site owners to do that until they've been hacked for the first time."
- prev
- 1
- next
