Google: 10% of websites contain malicious code

Every 10 websites that Google "peek in" has a website containing malicious code that can attack any user's PC. This is the latest conclusion from a thorough survey and analysis of its 4.5 million websites.

Among them, about 450,000 websites can perform "drive-by download" attacks on users' PCs. That is the type of website that can secretly install malicious code on a user's PC without knowing it at all.

There are also 700,000 other websites that are thought to harbor malicious code that can kidnap a PC to turn it into a tool to serve other dark targets of hackers such as sending spam.

In order to solve this problem, the researchers suggest that the leading search service provider on the Internet should begin conducting thorough analysis to filter out websites that are deemed to be malicious.

Ghost website

"Drive-by download" has now become a popular form of PC attack. The goal of this attack is to inject malicious code into PC users to steal personal information when they are tricked into accessing a malicious website.

"To trick users into accessing and installing malicious hackers often provides information about a prominent event that attracts a lot of user attention. This technique is called social engineering." This is the statement of the researcher Google Niels Provos and colleagues in the report "Ma in the browser" (The ghost in the browser).

Users often get a link to a website that promises to provide them with content like information, copyrighted software .

Most of the security vulnerabilities used to attack web users are security flaws in Internet Explorer. This is a perfectly visible thing because this is the most used browser type.

Picture 1 of Google: 10% of websites contain malicious code Some malicious code after infecting PC also caused a lot of discomfort for users such as installing miscellaneous browser toolbars, changing browser homepage, changing bookmarks .

But the most common type of malicious code used in "drive-by download" attacks is a keylogger capable of recording actions performed on the keyboard to steal user's personal data.

Another type of malicious code that is commonly used is malicious code that can kidnap and turn a user's PC into a "BOT" - a type of PC that can be remotely controlled.

"Drive-by download" is the clearest evidence for the transformation of hackers' attacks. Previously they mainly used traditional malicious code distribution by attaching to an email.

Not every website is safe

Parallel to that, Google also analyzes the method of inserting malicious code into the most commonly used websites today.

The results show that most malicious code is often not designed or controlled by the website owner, but is often inserted through ads or widgets (a small form of web application).

The development of Web 2.0 platform and user-generated content has brought hackers another malicious "distribution" channel. For example, hackers can post to a blog or forum links or malicious images containing malicious code that are ready to attack anyone who accidentally clicks on it.

The Google survey also found that now criminal groups have the ability to kidnap a web server and install malicious code on every website hosted on that server.

The computer used for testing by Google researchers has been infected at the same time with 50 different types of malicious code when accessing a website hosted on a kidnapped server.

Google - currently a member of the StopBadware alliance - warns users not to access websites that have been warned to be malicious. If the link to that site appears on Google's search results page, it will include a warning "This site may harm your computer" (This site may be harmful to your PC).

Hoang Dung