Google is warning Web users of the increasing threat posed by malicious software that can be dropped onto a computer as a Web surfer visits a particular site.
The search giant carried out in-depth research on 4.5 million Web sites and found that about one in 10 Web pages could successfully "drive-by download" a Trojan horse virus onto a visitor's computer. Such malicious software potentially enables hackers to access sensitive data stored on the computer or its network, or to install rogue applications.
Google's report (PDF: The Ghost in the Browser: Analysis of Web-based Malware), published last week, said the rise in Web-based malicious software has been aided by the increasing role that the Internet plays in everyday life, along with the ease in setting up Web sites.
Graham Cluley, senior technology consultant at Sophos, said Google is highlighting a worsening trend and "a considerable problem" for businesses and individual Web navigators.
An average of 8,000 new URLs containing malicious software emerged each week during April, Cluley said, adding that the notion that such software resides only in the darker corners of the Internet is very outdated. Seventy percent of Web pages hosting rogue software are found on legitimate sites targeted by hackers, according to Sophos.
To place malicious software on Web sites, hackers are manipulating Web server security, user-posted content, advertising and third-party widgets, Cluley said. "They used to spread malware by e-mail attachment. What they do now is spam out URLs."
Cluley warned businesses that they "cannot protect users by restricting what sites they go to. You need to start protecting your Web access as well as your e-mail gateway."
Java, Java Script, Plugins, pretty much everything, so that the browser is processing only HTML, basics, and you can enbed things like that in straight HTML, only that is read and everything else is thrown out. No other browser allows for this that easily to be done to my knowledged, that's why Opera is my choice for a web browser.
If you use Firefox, then you should use the Noscript add-on. My default for any site is scripting turned off. I only allow trusted sites to use scripting. This may not be a perfect solution, but it is better than running "naked". I also run ZoneAlarm anti-spyware/virus, and Windows Defender. Again, not perfect, but there is only so much you can do without completely impairing the web experience.
If you are eally fanatic, I suppose you could only run your browser in a virtual machine by using VMWare or equivalent. After each browser session, purge the virtual machine and replace it with a virgin virtual machine. Any malware that you might have picked up during the last session will be destroyed. If you have kids using a computer, you either need to use this technique, or have them run the browser under hardened Linux.
Harden IE: 1. Tools -> Internet options -> Secuirty -> Internet -> custom level -> "reset to" select "high" -> clieck "reset" 2. In this above dialog fox, select "downloads" -> File download -> Enable This will disable everything including javascript, java, etc. The only catch is that if you need to view a pdf file, you need to save it locally and then open it. But I have been using this setting for years (since year 2001) visiting all sorts of web sites without any virus probelms. 3. Internet options -> Secuirty -> Intranet -> custom level -> "reset to" select "medium high" -> clieck "reset"
For a few trusted web site that require javascript, you can add it to intranet zone.
ALso do: Keep computer up-to-date with WIndows update.
'one in 10 Web pages could successfully "drive-by download" a Trojan horse virus onto a visitor's computer.'
To what kind of computer could it download the trojan? Why a Windows computer, of course! Cnet doesn't want to upset MS though, so they won't report on that fact.
Keep pushing Macs. Eventually, you'll end-up in the same boat as PC users. Macs are no more secure than PCs, it's just that they don't have the market share needed for malware programmers to target them...yet.
Google's alliance with StopBadware.org - a major problem brewing
One of my client's sites, Durand Railroad Days, got flagged with a warning page that pretty much blocked people from visiting that site from Google.
I consider this to be heavy-handed and unfair. Why should I or my clients have to suffer the consequences of someone illegally hacking into my clients or my own server space?
They could be taking a leadership role by working with designers and hosts like myself. Instead, they put up an arbitrary warning page, which runs the risk of damaging the reputation of the client or designer. They have also been singling out hosts. They should be working with these people, not at them!
Another thing: All my clients have contact information on their sites, and I have my web address on all. There is no reason why they cannot contact the client or myself directly to inform us of the problem, what the problem is, and what needs to be done to fix it. Sure, every solution is different. But if Google and StopBadware are really interested in being responsible, they will go the extra mile here, instead of putting arbitrary warnings on a link to a site.
I don't like having my reputation slammed, nor that of my clients, and I go to great pains to encourage people to learn more about identity theft and malicious software, viruses, worms, and Trojan horses.
BTW: I run a Mac. But they can also get inflicted, especially the new ones that can run both Windows and Mac software.
I have a similar problem, but it is with SiteAdvisor. They have no problem with my content, but I was linking to a site that they classed as bad. While I removed the link soon after, three months later they haven't updated their report, even though they assured me that they would do it last month.
More transperancy is needed with sites like these.
I no longer trust Google for anything. They have now put themselves as the "High Priests" of the Internet. All the while they do not index most Websites unless paid to do so> How can anybody trust one search engine against the hundreds ones that get better results. If you have enough money then you are indexed by Google. Money buys fake publicity that the public buy into without even doing any research. I know this first hand since our non-profit website was paying for someone to do our indexing. All was wonderful until we could not longer pay. Suddenly out traffic went through the roof as other search engines indexed our Website for free. Do not listen to the billion dollar boys at Google tell you they are the "police" of the Internet. All they know how to do is count your dollars as you pour them over to their sponsors and indexers that pay Google. What a load of bull!!
I could not agree more with what you have written about Google. I just wished more people would realize what you have found out. That Google in fact far from being a un-biased source of information, search engine, is in fact very biased by money considerations.
Try AnooX search engine if you want to be free from the noose of Google & Yahoo. Because it is a search engine that is powered by the People, it is Open source and Not-for-profit. Here: www.anoox.com
Want to be free of being Hacked by malicious web sites, either switch to Mac or if you are on Windows as I am, as 98% of people are, use Oxygen web browser by Netdive. You can download it for free here: <a class="jive-link-external" href="http://www.netdive.com/oxygen/download.htm" target="_newWindow">http://www.netdive.com/oxygen/download.htm</a>
Oxygen is free, and best of all it is fast, since it is not loaded with junk/extra software as IE or FF are.
due to the fact that many dangerous sites are sponsered by Google. I am not picking on google itself, I do use their search engine and I do not mean that stupid toolbar they try to keep shoving down my throat. As a matter of fact most dangerous sites are recieved after a person downloads a toolbar of sorts. WHY IS GOOGLE FOLLOWING THIS PATH?
<p>There are numerous software titles out there that help prevent this type of malicious software from attacking your computer. If your computer is infected and you know the website where the software came from then a swift notice to their <a href="http://www.geauxfaster.com" class="style2"> <span class="style1">web hosting provider</span></a> would be in order</p>
Google creates an animated doodle that features a boy, a girl, Google's search engine, and a jump rope. But might there be darker, more analytical, more troubling interpretations to this tale?
The Silicon Valley online payments startup grew by 1,000 percent last year and is hopeful it can repeat that level of growth this year. To do that, it's had to move away from its early friends-and-family roots and embrace small businesses.
Chamtech's spray-on antenna uses a nano material to provide a low-power boost to antenna range. The wireless-in-a-can product may some day bring an end to unsightly cell towers.
EnerG2 opens a plant to make an engineered carbon that will improve performance of energy storage devices and make storage for start-stop hybrid cars less expensive.
Java, Java Script, Plugins, pretty much everything, so that the browser is processing only HTML, basics, and you can enbed things like that in straight HTML, only that is read and everything else is thrown out. No other browser allows for this that easily to be done to my knowledged, that's why Opera is my choice for a web browser.
If you are eally fanatic, I suppose you could only run your browser in a virtual machine by using VMWare or equivalent. After each browser session, purge the virtual machine and replace it with a virgin virtual machine. Any malware that you might have picked up during the last session will be destroyed. If you have kids using a computer, you either need to use this technique, or have them run the browser under hardened Linux.
1. Tools -> Internet options -> Secuirty -> Internet -> custom level -> "reset to" select "high" -> clieck "reset"
2. In this above dialog fox, select "downloads" -> File download -> Enable
This will disable everything including javascript, java, etc.
The only catch is that if you need to view a pdf file, you need to save it locally and then open it. But I have been using this setting for years (since year 2001) visiting all sorts of web sites without any virus probelms.
3. Internet options -> Secuirty -> Intranet -> custom level -> "reset to" select "medium high" -> clieck "reset"
For a few trusted web site that require javascript, you can add it to intranet zone.
ALso do:
Keep computer up-to-date with WIndows update.
Trojan horse virus onto a visitor's computer.'
To what kind of computer could it download the trojan? Why a
Windows computer, of course! Cnet doesn't want to upset MS
though, so they won't report on that fact.
I consider this to be heavy-handed and unfair. Why should I or my clients have to suffer the consequences of someone illegally hacking into my clients or my own server space?
They could be taking a leadership role by working with designers and hosts like myself. Instead, they put up an arbitrary warning page, which runs the risk of damaging the reputation of the client or designer. They have also been singling out hosts. They should be working with these people, not at them!
Another thing: All my clients have contact information on their sites, and I have my web address on all. There is no reason why they cannot contact the client or myself directly to inform us of the problem, what the problem is, and what needs to be done to fix it. Sure, every solution is different. But if Google and StopBadware are really interested in being responsible, they will go the extra mile here, instead of putting arbitrary warnings on a link to a site.
I don't like having my reputation slammed, nor that of my clients, and I go to great pains to encourage people to learn more about identity theft and malicious software, viruses, worms, and Trojan horses.
BTW: I run a Mac. But they can also get inflicted, especially the new ones that can run both Windows and Mac software.
More transperancy is needed with sites like these.
Try AnooX search engine if you want to be free from the noose of Google & Yahoo. Because it is a search engine that is powered by the People, it is Open source and Not-for-profit. Here:
www.anoox.com
<a class="jive-link-external" href="http://www.netdive.com/oxygen/download.htm" target="_newWindow">http://www.netdive.com/oxygen/download.htm</a>
Oxygen is free, and best of all it is fast, since it is not loaded with junk/extra software as IE or FF are.
Cheerio :)
malicious software from attacking your computer. If your computer is
infected and you know the website where the software came from then a swift
notice to their <a href="http://www.geauxfaster.com" class="style2">
<span class="style1">web hosting provider</span></a> would be in order</p>
http://www.google.com/support/forum/p/Webmasters/thread?tid=7e70d6afa49a8ada&hl=en