Scary, recently published, dense, 9-page paper [0.5 MB PDF] by Niels Provos, Dean McNamee, Panayiotis Mavrommatis, Ke Wang, and Nagendra Modadugu of Google. BBC report. Abstract:
"As more users are connected to the Internet and conduct their daily activities electronically, computer users have become the target of an underground economy that infects hosts with malware or adware for financial gain. Unfortunately, even a single visit to an infected web site enables the attacker to detect vulnerabilities in the user’s applications and force the download of a multitude of malware binaries. Frequently, this malware allows the adversary to gain full control of the compromised systems leading to the ex-filtration of sensitive information or installation of utilities that facilitate remote control of the host. We believe that such behavior is similar to our traditional understanding of botnets. However, the main difference is that web-based malware infections are pull-based and that the resulting command feedback loop is looser. To characterize the nature of this rising threat, we identify the four prevalent mechanisms used to inject malicious content on popular web sites: web server security, user contributed content, advertising and third-party widgets. For each of these areas, we present examples of abuse found on the Internet. Our aim is to present the state of malware on the Web and emphasize the importance of this rising threat."
Thanks for highlighting this Seb.
Reading this article confirms what many of us have been saying for some time. The combination of a virtual monoculture at the desktop (Microsoft) and the increasing prevalence of 'content rich' sites that depend on syndicated content over which they have very little quality control is providing a vector for the propagation of malware.
1 in 10 websites infected is what the article says!
So in plain English, if web 2.0 means allowing the community to be able to put up content-rich material for immediate public consumption, we should not be surprised that some of this material when down-loaded onto your computer does malicious things. Remember: every time you visit a website, every image, piece of code and text is downloaded to your computer.
What can we do about this?
1. Install something like McAfee Security Centre; don’t depend on the Microsoft provided solution because no matter how good it is, it's part of the monoculture and will have been factored in by the designers of malware.
2. Run a daily/weekly scan and read the results before you go on line to perform serious transactions like banking.
3. Use a browser like Firefox as well as IE. The former is not part of the monoculture.
4. Manage who uses your computer: you might be doing all the right things, but if there are other users of your computer they might not be as savvy.
5. Watch the Google initiative and if Google says that a site is risky, simply don't go there.
Markets are about confidence: if we are to benefit from the Internet then we need assurance that we stand a better than 1 in 10 chance of having our identity stolen or transactions logged.
To keep an eye on developments, take a look here at HackerWatch, which "lets you report and share information that helps identify, combat, and prevent the spread of Internet threats and unwanted network traffic".
Dick
Posted by: Dick Moore | 13/05/2007 at 12:38
Thanks for this comment, Dick. Today I came across this article from the 5/5/2007 New Scientist, "Web browsers are new front line in internet war", which is on the same tack.
Posted by: Seb Schmoller | 16/05/2007 at 16:41