Defense in Depth

July 9, 2008 11:45 AM PDT

Grisoft modifies its free AVG product after complaints

by Robert Vamosi

On Thursday, Webmasters around the world noticed unusual spikes in traffic. For some smaller sites the sudden surge of Web traffic toward their sites appeared to be almost a denial-of-service attack.

Turns out it was the free version of AVG Antivirus 8.0 just doing its job.

In a statement on Saturday, Grisoft said, "We have actively listened to the Webmasters who have brought this to our attention, and as a company we have reacted quickly to solve them." What it did was issue a new build of the popular free program.

What's different in version 8 from previous versions is the inclusion of LinkScanner, a scanner that stops malware components embedded on compromised Web pages. LinkScanner was created by Exploit Prevention Labs and purchased last summer by Grisoft, maker of AVG products.

One feature of LinkScanner, Secure Shield, works by downloading the home page of each site returned in a common Web search and then populating the search result page with colored icons indicating the relative safety of those sites. The feature, which has been previously available, apparently didn't scale to the large numbers of AVG free customers. On Monday, Roger Thompson, who developed LinkScanner and is now chief research officer for Grisoft, confessed, "We knew it would create a spike of some sort, but nothing like what happened."

How dramatic was the surge in traffic? The site AVG-Watch.org provides charts on bandwidth use after the release of AVG 8.0.

In an e-mail to CNET News, Thompson went on to say: "We did not consider the multiplying effect of any given Web site's own marketing within search engine results. In other words, if a Web site, through its marketing, became a common search result, it was scanned much more often than we expected. As soon as we found out, we gathered some data, talked to some Webmasters, and figured out what to do."

However, Thompson disputed a claim by AVG-Watch.org that the updated AVG version now only "pretends to prefetch," and does little more than a DNS (Domain Name System) lookup of the site. Thompson said, "it doesn't pretend to pre-scan. It just works off the local blacklist. That involves a DNS lookup, so that we can compare both IPs and URLs."

Making matters worse last week, AVG disguised the scans as coming from Internet Explorer 6 browsers, and not Secure Shield. For a few days it was unclear who was responsible for the surge in Internet traffic. Thompson said they could have made the LinkScanner scans entirely stealthy, but they wanted to give Webmasters the option of filtering the scans.

"The real issue is that, like it or not, we're at war on the Web," said Thompson. "Criminals, both organized and opportunistic, want our PCs and our money, and they're attacking via the Web. It's no longer like the old days when they wrote this stuff for fun."

March 7, 2008 8:21 AM PST

Haute Secure blocks Web threats

by Robert Vamosi

New Web threats today come not necessarily from sites built to host malicious content, but also from legitimate sites that have been compromised. A new safe Web surfing product, Haute Secure, is out of beta and available for free home use with both Internet Explorer and Firefox. Founded in 2006 by former Microsoft security engineers, Haute Secure hopes to distinguish itself in a crowded field of products, including Grisoft LinkScanner and Finjan SecureBrowsing.

Haute Secure is a free 32-bit or 64-bit download for home use; businesses will be charged to have their Web pages checked for malicious code. At the moment there is little technical support offered beyond a few FAQs and a users' forum.

While we were pleased with the product's ability to block threats on compromised Web sites, Haute Secure failed to identify a few recent non-exploit-related phishing sites, which surprised us. Using five sites recently reported to a reputable, independent phish-tracking site (most were active an hour or less), we noted that none were flagged as active by Haute Secure. Perhaps that's because the pages themselves do not contain malicious code. Yet the pages do contain forms which, when filled out and sent in, could compromise your identity. Although Haute Secure uses phishing reports from Stopbadware.org and others, and will warn you of known fraudulent sites, we found the native anti-phishing protection in Internet Explorer and Firefox did a better job at flagging recently reported phishing sites.


About Defense in Depth

Covering computer viruses and computer crime, Robert Vamosi goes beyond the hype to provide you with expert interviews of the top security researchers, as well as offering the hands-on, nontechnical advice you'll need to stay safe online.
