
One in Ten Web Pages Malicious, Says Google

In a paper entitled “The Ghost in the Browser” (PDF) presented at the Usenix HotBots ’07 conference in April, Google researchers outlined a study which performed an in-depth analysis of some 4.5 million Web pages—condensed from a high-level analysis of several billion URLs. The researchers found that about 700,000 pages appeared to contain code which could compromise a user’s computer, and about 450,000 (or 1 in 10) could trigger so-called “drive-by downloads” that could install malicious software without the user’s knowledge, including keyloggers, spyware, and software capable of taking over a user’s machine and turning it into a spam generator.

The researchers found that in many cases, Web users are tricked into loading the malware-laden Web page by promises of software or media downloads, or—of course—adult material. The sites would claim the user needed a new codec or other component to use the files; the user would instead unwittingly install malware. Many of these sites have no significant Web presence of their own, leading researchers to speculate that traffic is being driven to them via email spam.

Other sites were found to be distributing malware through the use of banner advertisements or so-called “widgets” which weren’t under the direct control of the site operator. Some sites would tie into advertising networks or services which offered on-page utilities like statistics analysis, calendars, or media players; those utilities in turn referenced third-party sites, which would attempt to install malware.

Researchers also found that attackers were compromising entire Web servers (converting almost every page on the compromised server into a malware host), and that attackers were taking advantage of blog comment features and other Web 2.0 means of eliciting user-generated content as a means to promote malware sites or to distribute software-based attacks.

The overwhelming majority of attempted exploits targeted vulnerabilities in Microsoft’s Internet Explorer Web browser.

Although Google attempts to warn users of potentially harmful sites listed in its search engine, the researchers’ conclusions are grim. “The sophistication of adversaries has increased over time and exploits are becoming increasingly more complicated and difficult to analyze,” wrote researcher Niels Provos and his colleagues. “Unfortunately, average computer users have no means to protect themselves from this threat.”

Geoff Duncan
Former Digital Trends Contributor