August 19, 2009 5:42 PM PDT

Symantec identifies 'Dirtiest Web Sites of Summer'

by Larry Magid

Symantec is out with its "Dirtiest Web Sites of Summer 2009," which it's calling "the worst of the worst" when it comes to malware threats.

The security vendor says that "48 percent of the Dirtiest Web Sites are, well, dirty--sites that feature adult content." That means that more than half the sites cover a wide range of other categories including legal services, catering, figure skating, and electronics shopping, according to the report.

On average, sites on the dirtiest list have 18,000 threats per site, but 40 of the sites have in excess of 20,000 threats. One site that appears to offer restaurant catering services has 23,414 computer threats.

"The number of web attacks is off the charts because it's the easiest path into a consumer's machine," said Gerry Egan, Symantec's director of security response.

Symantec's Safe Web rates sites for safety

(Credit: Symantec)

The Web, said Egan, "has become the primary delivery vehicle for malware." One method for infection is "drive by downloads," which can exploit a vulnerability in your browser or operating system by "leveraging little security holes" and injecting code into your machine simply by virtue of your visiting the site. Another route to infection is social engineering, where someone tricks a user into installing a malicious application that can masquerade as a plug-in to play media or even a fake security program that claims to help you find and remove malware. Instead it installs malware on your machine.

There are a number of dastardly payloads associated with the type of malware delivered through these sites including turning your machine into a "spambot" that sends junk e-mail to other people. Such programs can also hijack your computer to be part of a "botnet" to carry out attacks on other systems such as the recent denial-of-service attack that brought down Twitter earlier this month.

Symantec has identified these dirty sites as part of the ongoing analysis it does for its Norton Safe Web product. Safe Web includes a free Web site that anyone can use to see if a site is known to have malware. In addition, Symantec's security products now come with a plug-in that works with a browser to look over your shoulder while you're surfing or searching to warn you before visiting a site known to contain malware.

TrendMicro Internet Security has a feature that warns you if you are about to visit a site that "may put your security at risk" and McAfee offers a service called McAfee Site Advisor that includes a free plug-in for Firefox and Internet Explorer that warns you about potentially dangerous sites that show up in search results.

Podcast: Larry speaks with Symantec's director of security response, Gerry Egan (8:43)


Larry Magid is a technology journalist and an Internet safety advocate. He's been writing and speaking about Internet safety since he wrote the Internet safety guide "Child Safety on the Information Highway" in 1994. He is co-director of ConnectSafely.org, founder of SafeKids.com and SafeTeens.com, and a board member of the National Center for Missing & Exploited Children. Larry's technology analysis and commentary can be heard on CBS News and CBS affiliates, and read on CBSNews.com. He also writes a personal-tech column for the San Jose Mercury News. You can e-mail Larry or follow him on Twitter @larrymagid.
by vkp7 August 19, 2009 7:11 PM PDT
Where can we see the list of these rogue sites?
by Perry_Clease August 19, 2009 7:17 PM PDT
I was surprised that there wasn't a link to it in the article, I did a web search and found this http://safeweb.norton.com/dirtysites
by larrymagid August 19, 2009 7:48 PM PDT
Good point. Just made the first reference to the list a hot link.
by larrymagid August 19, 2009 7:50 PM PDT
Just added a link.
by kieranmullen August 19, 2009 10:38 PM PDT
Is there some reason why that small list could not be included in the Article? Would it not behoove news.com to keep users on its site for advertising etc?
by zenwaves August 19, 2009 7:35 PM PDT
So where's the list?
by larrymagid August 19, 2009 7:49 PM PDT
Take another look at the article. Made the first reference a hot link. Thanks for pointing this out.
by Perry_Clease August 19, 2009 8:22 PM PDT
Thanks for adding the link Larry.

Have a great night.
by baconstang August 19, 2009 9:32 PM PDT
Do these attack Macs, short of coughing up your password?
by EvanSei August 19, 2009 10:02 PM PDT
Well, of course they do; the only question is do they get in :) I know I sure wouldn't want to even risk going to these sites, but hey, if you want to put the Mac's security to the test, that's your choice.
by santuccie August 20, 2009 3:06 PM PDT
I don't have time to check the twenty-some-odd links on each report to find out whether they're Mac-targeted, but I doubt it. Approximately 72.93% of all Internet-connected machines worldwide run Windows XP.

That said, the Mac's authentication mechanism is no tougher than a limited account in XP; both can be (and have been) circumvented. Too many Mac users fall hook, line, and sinker for every word Apple utters (while wary of anyone else), and assume it's true that the Mac's perceived "security" has to do with the Unix kernel and defaulting to non-root accounts, rather than obscurity.

Security researchers, who make Swiss cheese out of the Mac on day 2 every year at CanSecWest, say otherwise. I am also of the understanding that there are more privilege escalation vulnerabilities for Unix-based platforms than there are for Windows Vista, which has yet to be attacked remotely in the wild itself. And this comes in spite of being Windows and having been on the market for just as long as Apple has run on Intel, dropping its extra obscurity advantage for prolonged compliance with Moore's law.

@baconstang:

Just FYI, any company will want you to believe that their products are the best, including Apple. But the cold reality is that; while Vista has security mitigations like DEP and ASLR; and Windows 7 adds Safe Unlinking, along with features intended for compatibility that double as extra barriers against rootkits (XP mode); OS X yet has no security beyond authentication, which amounts to nothing more than a chastity belt made of paper; anyone can remove it.

OS X Snow Leopard will add ASLR, but this may not be all that effective without DEP, let alone the numerous other technologies fortifying Windows 7. There are two predictions among security researchers as to what will happen when Windows 7 starts to eat away at XP's market share, and XP machines themselves are armored in greater numbers as security software continues to saturate the market (and more vendors add browser protection to their products):

1) Bot herders will focus their attention on Mac OS, the most vulnerable operating system remaining.
2) Drive-by downloads will die down, and the threat landscape will once again comprise social engineering attacks (Trojan horses). And as Trojans already exist for all three main platforms, you can bet that bot herders will be adding these to their arsenals in order to make up for huge losses in remotely exploitable machines.

http://securitywatch.eweek.com/apple/mac_hacked_via_safari_browser_in_pwn2own_contest.html
http://www.darknet.org.uk/2008/03/mac-owned-on-2nd-day-of-pwn2own-hack-contest/
http://blogs.zdnet.com/security/?p=2917
http://it.toolbox.com/blogs/securitymonkey/mac-os-x-local-user-exploit-appears-12026
http://www.linuxtoday.com/news_story.php3?ltsn=2009-04-17-030-35-SC-SW
http://blogs.computerworld.com/why_windows_is_safer_than_the_mac
http://blogs.zdnet.com/hardware/?p=533&tag=rbxccnbzd1
http://www.dasmirnov.net/blog/charlie-miller-on-the-lack-of-security-o
http://blog.purewire.com/bid/18281/The-Security-Impact-of-Windows-7-Adoption
by pentest August 21, 2009 7:52 AM PDT
Of course you are forgetting that those hack contests are not exactly relevant in the real world.

OS 9 had a much smaller market share than OS X, and OS X remains relatively untouched. New exploits appear every day for Windows that work without user intervention.
by santuccie August 21, 2009 9:34 AM PDT
@pentest:

'Of course you are forgetting that those hack contests are not exactly relevant in the real world.'
>>>>How so? These were browser exploits. If you're going to disagree with the experts, you'd better have someone to quote. As if I haven't told you before, sources, please.

'OS 9 had a much smaller market share than OS X, and OS X remains relatively untouched. New exploits appear everyday for windows that work without user intervention.'
>>>>You obviously did not read the links, let alone do any research yourself. All these hacks have been since 2007, on OS X. You're walking in blind faith.

In addition, where are the exploits for Vista? Oh, I forgot, you're still comparing OS X to XP.
by santuccie August 21, 2009 10:11 AM PDT
Oh, I see. You're not saying the hacks were performed on OS 9, you're insinuating that OS X should get black hats' attention, since it has a higher market share than OS 9. First of all, OS X still has a mere 4.85% of the Internet-connected market, while Windows XP still owns 72.93%. Globally, numbers of machines surpassed 1 billion last year. If we were to assume there were exactly 1 billion computers online, then there would be a grand total of 48.5 million Macs available to attack, with maybe a handful here and there actually running some kind of security apparatus. You can be sure there are far more XP machines in the world with no security at all. And the RBN requires millions, not thousands.

Numbers aside, be aware that the Mac is being attacked now. Ever heard of iBotnet? It's just a Trojan, but it's the first attack to reach thousands of machines. Then we have "codecs" peppered about the Web, as well as a 2008 Trojan whose code would lend itself quite well to drive-by attacks, if the Russians knew how to do it. Yes, they're working on your platform; give them time. It took some three years following the release of XP for drive-by downloads to emerge. Since no one would be reinventing the wheel this time, it's possible that it might not take as long to get the hang of Mac OS. Of course there will be fewer people working on it, with the majority concentrating on exploiting unpatched and unprotected XP machines, but they'll get there.

When this happens, the bad thing is that there will be more sensitive information being stolen, more e-mail accounts and contacts lists compromised, more identities stolen, more bank accounts cleaned out, etc. And it could be a year following the dawn of the Mac-targeted, ItW exploits before Symantec products offer browser protection for the Mac like they do for Windows. That said, the good thing is that the old "Invincibility" doctrine will forever be silenced.
by EvanSei August 19, 2009 9:59 PM PDT
Always have a good anti-virus, firewall turned on and anti-malware.
by pentest August 21, 2009 7:55 AM PDT
No such thing as good anti-virus. It is always behind the curve. Symantec is the worst, their products can't even be bothered to scream when an application hooks into the keyboard for all running apps. Windows doesn't complain either, MS helpfully added a function to sniff any piece of hardware you want.

Don't get me started on all the great Windows kernel functionality that helps out rootkit writers.

Microsoft: Helping malware and rootkit writers is job 1.
by santuccie August 21, 2009 9:43 AM PDT
@pentest:

That is ridiculous. For one thing, Symantec Norton is more difficult to terminate than other AV products, because of the way it hooks the system. Norton is also one of the most likely to fully remove the infections it finds. And furthermore, Norton has browser protection, blocking drive-by downloads independently of signature/heuristic detection.

That said, drive-by downloads didn't exist until two or three years following the release of XP, and rootkits not until 2005. And if helping rootkit writers is job 1, then why did Microsoft implement "Windows XP Mode?" In order to install a rootkit, and have it go undetected, you have to terminate the drivers, install your own, and then emulate XP Mode.
http://blog.purewire.com/bid/18281/The-Security-Impact-of-Windows-7-Adoption

Sorry to bust your bubble, but science trumps religion here.
by rmcmanemon August 20, 2009 1:11 AM PDT
I see the sample list, but there does not appear to be a full list or at least it is not provided for free. Symantec must want you to buy their product first.
by larrymagid August 20, 2009 5:09 PM PDT
The list I linked to is what Symantec has made available to the public. It's all they're posting.
by FugCnet August 20, 2009 6:36 AM PDT
Yes, you added a link. No, you did not link to the list, you linked to the "Safe Web" site, not to the "Dirtiest" list!
by larrymagid August 20, 2009 5:08 PM PDT
The site I linked to has samples from the list -- the only ones that Symantec has published. They said they decided not to publish the whole list because some have sexually explicit URLs.

Larry Magid
by billd888 August 20, 2009 10:51 AM PDT
There is no charge to sign up for this, I just did and there was no request for any payment. But after logging into their Safe Web site I still do not see any links to the list. There is not even a search capability there.
by ChukchansiDan August 20, 2009 2:39 PM PDT
I'm confused.... in the list of Dirtiest websites is a site called lilkaraoke.com, yet when you read Norton's report, it says the site is safe and there are zero threats.... If that's the case, why is it on the list of dirtiest websites?
by xarophti August 22, 2009 2:44 PM PDT
My assumption here (I could be wrong) is that the status could have changed since the initial publication of the list. There is a link for site owners. The owners could have found their rating and disinfected and protected their site and appealed to Norton for re-evaluation. The "family tree" and "family photo album" .org sites were the ones I found interesting. They may be legitimate sites with inadequate protection that have been hacked where the owners have no clue.
by ChukchansiDan August 20, 2009 2:45 PM PDT
Another question, if these sites are "stealing" your information, and "stealing" is a crime, why aren't they being taken down? Is there no jurisdiction or laws about taking down sites that are known to be stealing your information, or turning your computer into a spam-bot? I know some spammers have been prosecuted, so why not these sites?
by setjeff15081947 August 20, 2009 4:58 PM PDT
Blessings on the DoS-perverts who brought down Twitter; read a book, watch T.V., talk, face-to-face, to another human being, contemplate the size of your ... navel [Thought I was going to type something else, huh?].
I've just discovered RSS-Newsfeeds, and I've been doing newsletters for a number of years; I travel, daily, to Usn's, the EU, the Middle East, and the Pacific Rim. Now, this non-techie news gatherer [ME - "It's I; it's me; it's Carla Görterberg!"] has to upgrade his Kaspersky Anti-Everything, so that I am protected hourly against the thousands of threats that rise daily on even once-trusted-sites?
W.W.W., World-Wide-Web, is now a collection of seedy neighborhoods that your Mother told you not to venture into. Congratulations! To All of Us for allowing this to come about.
by perfectblue97 August 21, 2009 12:44 AM PDT
I wonder how many of these sites know that they are dirty? It's the same with computers on zombie networks, most people probably have no idea.

There needs to be a change in the law forcing ISPs and host companies to notify their customers if they detect virus or malware signatures coming from their systems.
by bluemist9999 August 21, 2009 7:34 AM PDT
The best way to browse securely is to assume the Internet is like New York City. Don't trust anything you didn't specifically ask for, and perform antivirus scans and antispyware scans routinely. Having a good stealthy firewall helps but isn't as useful for protection as it once was.

If you use Firefox, you can use the NoScript plugin, but that can get very annoying since many legitimate sites use scripts for just about everything --- expect to answer a lot of confirmation prompts.

In terms of OS's I'd say Linux is most secure (mainly because it's not very widely used at all, and Unix has had its underpinnings hacked and patched for over 20 years), but absolutely no OS is totally secure.

Of course, if we add in non-security-aware users who blithely install a video plugin to watch naked videos of (insert celebrity here), all bets are off. Hand someone a gun and he can shoot himself in the foot with it.
by El_Segfaulto August 22, 2009 9:51 AM PDT
Of course, if we add in non-security-aware users who blithely install a video plugin to watch naked videos of Winston Churchill, all bets are off. Hand someone a gun and he can shoot himself in the foot with it.
by The_happy_switcher August 21, 2009 10:58 PM PDT
I'm with this guy, it's time to ban people from the internet if they are using unsafe Windows. Theirs are the ones being turned into zombie bots and cause a majority of the problems.
[CNET editor's note: Prohibited link deleted.]
by El_Segfaulto August 22, 2009 9:52 AM PDT
I agree! Also we should ban people from public places if they refuse to get immunized!
[CNET editor's note: Personal attack deleted.]
by ngngokkiu August 22, 2009 11:38 PM PDT
Let's ban people from cnet for making stupid comments.
by demize81 August 25, 2009 9:17 AM PDT
wow!....sites that are dirty according to norton are green according to mcafee siteadvisor

i use mcafee and that doesn't make me feel safe
by Edward_Sagala August 30, 2009 8:35 AM PDT
Why allow such sites to continue operating and yet they are harming internet users. My machine has been affected by a virus by the name recycler and I have been unable to manage it, what can I use to manage the virus?