Top WordPress Themes

The Majority of Malware is from China

Posted on: Tháng Ba 20, 2008

It is an interesting when Google Security Blog is talking about iFrame and security related to malware and content.

I am very new to malware but I hate anything that is harmful to our internet community and not family-safe either. Many Google experts have worked very hard to ensure their system clean and fresh to readers and all submitted blogs/sites to them are monitored and assessed to make sure that these blogs are not using Google system to deliver malware or spams.

What is the malicious content injection?

Malicious Content Injection

To understand if malicious content on a web server is due to poor web server security, we analyzed the version numbers reported by web servers on which we found malicious pages. Specifically, we looked at the Apache and the PHP versions exported as part of a server’s response. We found that over 38% of both Apache and PHP versions were outdated increasing the risk of remote content injection to these servers.

Our “Ghost In the Browser [PDF]” paper highlighted third-party content as one potential vector of malicious content. Today, a lot of third-party content is due to advertising. To assess the extent to which advertising contributes to drive-by downloads, we analyze the distribution chain of malware, i.e. all the intermediary URLs a browser downloads before reaching a malware payload. We inspected each distribution chain for membership in about 2,000 known advertising networks. If any URL in the distribution chain corresponds to a known advertising network, we count the whole page as being infectious due to Ads. In our analysis, we found that on average 2% of malicious web sites were delivering malware via advertising. The underlying problem is that advertising space is often syndicated to other parties who are not known to the web site owner. Although non-syndicated advertising networks such as Google Adwords are not affected, any advertising networks practicing syndication needs to carefully study this problem. Our technical report [PDF] contains more detail including an analysis based on the popularity of web sites.

The analysis also came to an conclusion that te majority of malware is hosted by web servers located in China. That means most of malware distribution sites ar from Chinese web servers:

Finally, we also investigated the structural properties of malware distribution sites. Some malware distribution sites had as many as 21,000 regular web sites pointing to them. We also found that the majority of malware was hosted on web servers located in China. Interestingly, Chinese malware distribution sites are mostly pointed to by Chinese web servers.

We hope that an analysis such as this will help us to better understand the malware problem in the future and allow us to protect users all over the Internet from malicious web sites as best as we can. One thing is clear – we have a lot of work ahead of us.

Thanks Google for sharing a very interesting analysis with clear evidence. So, I am now aware of what should I do to prevent malware and spams.

Advertisements

Trả lời

Mời bạn điền thông tin vào ô dưới đây hoặc kích vào một biểu tượng để đăng nhập:

WordPress.com Logo

Bạn đang bình luận bằng tài khoản WordPress.com Đăng xuất / Thay đổi )

Twitter picture

Bạn đang bình luận bằng tài khoản Twitter Đăng xuất / Thay đổi )

Facebook photo

Bạn đang bình luận bằng tài khoản Facebook Đăng xuất / Thay đổi )

Google+ photo

Bạn đang bình luận bằng tài khoản Google+ Đăng xuất / Thay đổi )

Connecting to %s

%d bloggers like this: