
One Million Sites Infected With Malware In Q2

CmdrTaco posted more than 4 years ago | from the show-me-the-pinkee dept.

Security 42

Trailrunner7 writes "More than one million Web domains were infected with malicious code in the second quarter of 2010 — around one percent of all active Web domains, according to new data. The number of infected domains was extrapolated from data gained through a sample scan of what Dasient describes as 'millions of Web sites,' as well as from customer deployments. It suggests that compromises of Web sites are on the rise, as attackers look to push out malicious programs through so-called drive by download attacks."


42 comments


Erm? (0, Offtopic)

ciderbrew (1860166) | more than 4 years ago | (#33600928)

Well done!

Re:Erm? (0, Offtopic)

SpaceLifeForm (228190) | more than 4 years ago | (#33602008)

Microsoft is innovative!

Of course you have. (3, Funny)

AnonymousClown (1788472) | more than 4 years ago | (#33600940)

Web anti malware firm Dasient has published data claiming that more than 1 million Web sites were compromised in the second quarter, 2010 - a sharp increase.

*In Sean Connery's James Bond voice* Of course they have.

Re:Of course you have. (1)

camperslo (704715) | more than 4 years ago | (#33604316)

It's been a busy year for malware with many recent reports of issues [theregister.co.uk] .

GData Software, a German anti-virus firm, reports [gdatasoftware.co.uk] "Malware for Windows the undisputed number 1
Windows users are still the number one target: 99.4 percent of all new malware of the first half of this year was written for Microsoft's operating system. The other 0.6% targeted systems that contain e.g. Unix or Java technologies." That .6 % includes phones.
Of the 1,017,208 new malware programs, over a million target Windows.

I don't know about 1 million in Q2 2010, but... (0)

Anonymous Coward | more than 4 years ago | (#33604416)

"Web anti malware firm Dasient has published data claiming that more than 1 million Web sites were compromised in the second quarter, 2010 - a sharp increase. *In Sean Connery's James Bond voice* Of course they have." - by AnonymousClown (1788472) on Thursday September 16, @12:25PM (#33600940)

I don't know about THAT, however? Well - I DO know that my personal custom HOSTS file is nearly @ 1 million absolutely unique entries of known bad sites/servers, and it took me nearly 10++ yrs. now to get it to that # no less!

I populate it from very reputable & reliable sources listed below:

----

http://ddanchev.blogspot.com/ [blogspot.com]
http://www.malware.com.br/lists.shtml [malware.com.br]
http://securitylabs.websense.com/content/alerts.aspx [websense.com]
http://www.stopbadware.org/ [stopbadware.org]
http://blog.fireeye.com/ [fireeye.com]
http://mtc.sri.com/ [sri.com]
http://www.scansafe.com/threat_center/threat_alerts [scansafe.com]
http://news.netcraft.com/ [netcraft.com]
http://www.shadowserver.org/ [shadowserver.org]
https://zeustracker.abuse.ch/monitor.php?filter=online [abuse.ch]
http://en.wikipedia.org/wiki/Hosts_file [wikipedia.org]
http://www.mvps.org/ [mvps.org]
http://someonewhocares.org/ [someonewhocares.org]
http://hostsfile.mine.nu/hosts0 [hostsfile.mine.nu]
http://hosts-file.net/?s=Download [hosts-file.net]
http://www.stopbadware.org/home [stopbadware.org]

+ Spybot "Search & Destroy" IMMUNIZE feature add ons also...

----

In fact, as far as growth this summer alone? It's been more than usual, and last summer last year was the same it seems/iirc too...

However: Ahem - 1 million++ new known bad sites &/or servers, & in just 1 quarter?

(Hey, anything's possible, but that's a bit "excessive/steep" imo @ least... still, one never knows! Still, I somehow DOUBT it's that bad out there. Yes, it's bad, but not THAT bad... I don't think so @ least, and I tend to keep pretty steady-eddy tracking of this up (for over 10++ yrs. now @ sites & sources such as those listed above via populating my custom HOSTS file for both added security AND added speed))

I.E./E.G.-> The # of entries of known bad sites &/or servers in my HOSTS file, which a great deal of came from my sources listed above no less, had grown this year from July 15th 2010 to Sept. 15th 2010 by almost 18,000 entries alone at the tail-end of this summer alone (up to 881,543++ total entries, & gaining typically between 50-250 more each day).

It's crazy out there now, but it doesn't affect "me or mine", because I cannot be hurt by that which I cannot enter to get hurt by it, such as a bad website that's malscripted or bears a malware, because that's what HOSTS files do, at least part in the way of security (and more for speed such as adbanner blocking (which also helps security too, because many a banner ad has been found with malicious code in it too the past few years now as well), and site IP-to-URL hardcoding): HOSTS files, if done right, can keep you from getting burned in a bogus kitchen, so-to-speak!

Still - 1 million++ new known bad sites in just 1 quarter this year 2010? I have trouble with that estimation, in believing it to be blunt about it, & yes, I have been looking at this type of data for quite a long time now (over 10++ yrs. in fact, in making a custom HOSTS file to protect vs. this type of lunacy).

APK

P.S.=> Since I am on the topic of HOSTS files here? Well, here is my usual on them too, why not:

10 ADVANTAGES OF HOSTS FILES OVER BROWSER ADDONS ALONE, & EVEN DNS SERVERS:

1.) HOSTS files eat A LOT LESS CPU cycles than browser addons do no less (since browser addons have to parse each HTML page & tag content in them)!

2.) HOSTS files are also NOT severely LIMITED TO 1 BROWSER FAMILY ONLY... browser addons, are. HOSTS files cover & protect (for security) and speed up (all apps that are webbound) any app you have that goes to the internet (specifically the web).

3.) HOSTS files allow you to bypass DNS Server requests logs (via hardcoding your favorite sites into them to avoid not only the TIME taken roundtrip to an external DNS server, but also for avoiding those logs OR a DNS server that has been compromised (see Dan Kaminsky online, on that note)).

4.) HOSTS files will allow you to get to sites you like, via hardcoding your favs into a HOSTS file, FAR faster than DNS servers can by FAR (by saving the roundtrip inquiry time to a DNS server & back to you).

5.) HOSTS files also allow you to not worry about a DNS server being compromised, or downed (if either occurs, you STILL get to sites you hardcode in a HOSTS file anyhow in EITHER case).

6.) HOSTS files are EASILY user controlled, updated and obtained (for reliable ones see mvps.org) & edited too, via texteditors like Windows notepad.exe or Linux nano or kate (etc.)

7.) HOSTS files aren't as vulnerable to "bugs" either like programs/libs/extensions of that nature are, OR even DNS servers, as they are NOT code, & because of what's next too

8.) HOSTS files are also EASILY secured well, via write-protection "read-only" attributes set on them, or more radically, via ACL's even.

9.) HOSTS files are a solution which also globally extends to EVERY WEBBOUND APP YOU HAVE - NOT just a single webbrowser type (e.g. FireFox/Mozilla & its addons exemplify this, such as ADBLOCK) and you already own one, and they run on any OS that uses the BSD reference design IP stack (all of them today pretty much if NOT all of them).

10.) AND, LASTLY? SINCE MALWARE GENERALLY HAS TO OPERATE ON WHAT YOU YOURSELF CAN DO (running as limited class/least privilege user, hopefully, OR even as ADMIN/ROOT/SUPERUSER)? HOSTS "LOCK IN" malware too, vs. communicating "back to mama" for orders (provided they have name servers + C&C botnet servers listed in them, blocked off in your HOSTS that is) - You might think they use a hardcoded IP, which IS possible, but generally they do not & RECYCLE domain/host names they own, & this? This stops that cold, too! Bonus...

Still, it's a GOOD idea to layer in the usage of BOTH browser addons for security like adblock, &/or NoScript!

(Especially the latter one in NoScript: I mention it, because it covers what HOSTS files can't in javascript (which is the main deliverer of MOST attacks online & SECUNIA.COM can verify this for anyone really by looking @ the past few years of attacks nowadays), for the concept of "layered security").

****

Of course, you also have to note that ADBLOCK IS DETECTABLE ITSELF, AND BLOCKABLE, also! Proof? Ok:

----

ArsTechnica blocking Adblock?

https://adblockplus.org/forum/viewtopic.php?f=2&t=5266 [adblockplus.org]

----

However, they could NOT do that to HOSTS files users though! So, due to that? See the above 10 points in favor of HOSTS files (especially over adblock alone)...

Best part of all is, HOSTS files are 100% FREE, and they work (you already own one) and reliable reputable copies can be obtained from these sources: http://www.mvps.org/winhelp2002/hosts.htm [mvps.org] (MVPS version) as a single example thereof... apk
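
An added example, not part of the comment above or of any tool it names: a Python audit of a HOSTS-format file of the kind the comment describes, separating sinkholed names from names mapped to a real address, and showing that lookups match exact names only (a blocked name does not cover its subdomains). The sample entries, the `expected` pin list and all function names are constructed for illustration.

```python
import ipaddress

# Addresses conventionally used to sink a blocked name on the local machine.
SINKHOLES = {"0.0.0.0", "127.0.0.1", "::", "::1"}
# Names a stock HOSTS file maps to loopback; they are not blocklist entries.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost",
               "ip6-localhost", "ip6-loopback"}

# Constructed sample using reserved example names and documentation addresses.
SAMPLE = """\
# constructed sample, not a real blocklist
127.0.0.1   localhost
0.0.0.0     ads.example.test
0.0.0.0     cc.badnet.example     # a C&C name, as in point 10
127.0.0.1   ADS.example.test
203.0.113.7 bank.example.test     # nobody pinned this one deliberately
192.0.2.10  intranet.example.test # deliberate pin, as in points 3 to 5
not-an-ip   junk.example.test
"""


def normalize(name):
    """Host names compare case-insensitively, without a trailing dot."""
    return name.lower().rstrip(".")


def parse_hosts(text):
    """Yield (lineno, address, name); address is None for a malformed line."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        addr, *names = line.split()
        try:
            ipaddress.ip_address(addr)
        except ValueError:
            names = []                        # not an IP: whole line is bad
        if not names:
            yield lineno, None, line
            continue
        for name in names:                    # one address may carry many names
            yield lineno, addr, normalize(name)


def audit_hosts(text, expected=None):
    """Classify every mapping. `expected` holds the pins you made on purpose
    as {name: address}; any other non-sinkhole mapping is reported."""
    expected = {normalize(k): v for k, v in (expected or {}).items()}
    report = {"blocked": set(), "duplicates": [], "unexpected": [],
              "malformed": []}
    for lineno, addr, name in parse_hosts(text):
        if addr is None:
            report["malformed"].append((lineno, name))
        elif name in LOCAL_NAMES:
            continue
        elif addr in SINKHOLES:
            if name in report["blocked"]:
                report["duplicates"].append((lineno, name))
            report["blocked"].add(name)
        elif expected.get(name) != addr:
            # The name resolves to a real address that is not on the pin list:
            # review it, since the resolver will send traffic there.
            report["unexpected"].append((lineno, name, addr))
    return report


def is_blocked(blocked, hostname):
    """Exact match only: HOSTS has no wildcard or parent-domain matching."""
    return normalize(hostname) in blocked


if __name__ == "__main__":
    result = audit_hosts(SAMPLE, expected={"intranet.example.test": "192.0.2.10"})
    for key, value in result.items():
        print(key, value)
```

Running the audit after each blocklist merge, and comparing the `unexpected` list against the previous run, gives a cheap integrity check alongside the read-only attribute or ACL from point 8.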

*domains* infected? What? (5, Insightful)

Kaz Kylheku (1484) | more than 4 years ago | (#33600978)

A domain is a node in the DNS namespace. How does that get infected?

If a web server hosts 20 domains, and is infected, does that count as 20 infections?

"Web site", "domain" and "host" are not interchangeable.

Um yeah.. (4, Funny)

DrgnDancer (137700) | more than 4 years ago | (#33601002)

The only Malware we were infected by in Q2 was McAfee. It decided a few critical systems files were viruses and shut us down for hours. Stupid Malware creators.

Re:Um yeah.. (2, Funny)

Ironhandx (1762146) | more than 4 years ago | (#33601266)

Windows 7 decided that an executable that I had on my computer (that I myself had just compiled) was a trojan and overreacted so hard that it fragged explorer.

Fun times for all!

Re:Um yeah.. (2, Insightful)

vux984 (928602) | more than 4 years ago | (#33601366)

Windows 7 decided that an executable that I had on my computer (that I myself had just compiled) was a trojan...

I'm curious why you think Windows 7 was wrong? ;)

Re:Um yeah.. (2, Interesting)

mcgrew (92797) | more than 4 years ago | (#33602742)

Well, if it had been Linux that told him it was a trojan Linux would have been wrong, because it was his own program. But since Microsoft really owns all Windows computers (regardless of who paid for them) Windows was right. Keep your nasty programs off of Bill's computer! You can only run what Bill allows you to run.

Re:Um yeah.. (1)

vux984 (928602) | more than 4 years ago | (#33603000)

Well, if it had been Linux that told him it was a trojan Linux would have been wrong, because it was his own program.

Actually the fact that he compiled or even wrote it himself doesn't at all remove the possibility that it is a trojan.

Re:Um yeah.. (1)

mcgrew (92797) | more than 4 years ago | (#33604284)

It isn't a trojan until it gets in someone else's machine. If you know it's a trojan and you install it anyway, it's no longer a trojan. Suicide isn't murder. A firearm isn't a weapon until it's aimed at a human; a .22 to hunt squirrels is a hunting rifle, although it can still be used as a weapon.

However, you're right that it could have been meant to be a trojan, and yes, it's possible to trojan a Linux box.

Re:Um yeah.. (1)

Aighearach (97333) | more than 4 years ago | (#33605298)

Let's ask the squirrel about that one.

Oh, wait.

I am a squirrel you insensitive clod!

Re:Um yeah.. (2, Insightful)

vux984 (928602) | more than 4 years ago | (#33605330)

It isn't a trojan until it gets in someone else's machine. If you know it's a trojan and you install it anyway, it's no longer a trojan.

1) Just because he compiled it, doesn't mean he knew it was a trojan. One could download source from the web and compile it, and get a trojan as a result.

2) Even if he wrote it, it could be the result of a multiple-personality disorder coding against him... :D

3) I disagree that intent matters. Even if he wrote it himself, knowing full well what it was... I'm not sure I buy the idea that deliberately installing a trojan on purpose makes it any less a trojan.

Had the king of Troy divined that the Greeks had stashed some soldiers in the 'trojan horse' and he brought it into the city anyway... and then promptly burnt it to the ground. Well... it was still a "trojan horse". Similarly when a security researcher deliberately obtains a trojan to dissect, it is still a trojan.

A firearm isn't a weapon until it's aimed at a human

A crossbow aimed at a rabbit is a weapon. A machine gun in a crate is a weapon. A nuclear missile waiting in its silo is a weapon.

Indeed it would be impossible to build weapons, test weapons, find weapons, or sell weapons if they didn't exist until humans were in the cross hairs -- yet there isn't a person on the face of the earth who would be confused by any of those terms.

Re:Um yeah.. (1, Funny)

Anonymous Coward | more than 4 years ago | (#33601418)

Ummm, Windows 7 can't decide anything is a trojan. Your antivirus software may have, which may happen to be Microsoft Antivirus, but that is no more Windows 7 than Word is. Also, as a dev you should know better than to real time scan your dev directories, that kind of shit happens.

Re:Um yeah.. (1, Funny)

Anonymous Coward | more than 4 years ago | (#33601860)

Ummm, Windows 7 can't decide anything is a trojan. Your antivirus software may have, which may happen to be Microsoft Antivirus, but that is no more Windows 7 than Word is. Also, as a dev you should know better than to real time scan your dev directories, that kind of shit happens.

No, it was Windows7AntiVirus 2011. Even after I paid $30 it wouldn't clean it. And they charged my credit card twice! At least it runs better than XPAntivirus 2010 did on Windows 7.

All kidding aside, Microsoft Security Essentials is a good program.

Re:Um yeah.. (1)

alvinrod (889928) | more than 4 years ago | (#33602200)

This was modded funny, but he's not actually joking. McAfee did have this problem that caused a machine to go into a cycle of continuous reboots. Here's the Slashdot story covering the issue. [slashdot.org] I remember being on vacation when it happened and the sysadmins saying that it caused all sorts of headaches for them.

McAfee has probably caused more problems for us than actual virus infections as well. Not to mention that it's an evil piece of bloatware that slows down machines horribly. By my estimates upgrading our dual-core machines to quad-core machines should result in up to a 3x performance increase. McAfee continues to peg one core and the other three are free to do something useful. The only thing it's really doing is speeding up the heat-death of the universe.

Less and less active... (3, Insightful)

Darkness404 (1287218) | more than 4 years ago | (#33601112)

It seems like in reality virus/adware/spyware infections are down to very, very low levels.

It used to be in the late 90s to early-to-mid 2000s there would be people left and right with adware that popped up stuff and computers would grind to a halt. Today, I'm not seeing that on anyone's computer that I've done tech support for. I have seen a bunch of systems grind to a halt due to Norton/McAfee, but none caused by viruses/spyware/adware/etc. The only thing I can think of is that IE7 and beyond stepped up security enough to make a major impact.

So even though "threat analyzers" pull up scary numbers, I'm not seeing the results in the wild.

Re:Less and less active... (4, Insightful)

HungryHobo (1314109) | more than 4 years ago | (#33601210)

it just means the malware authors have grown up and want a paycheck.
It used to be that half the viruses were showy things written by amateurs who wanted to fuck around.
most of the rest were trying to cash in on ad revenue from popups.

Now there's less money in popups(most of the big ad providers don't like being associated with malware) so the malware just sits quietly trying to steal your credit card number.
The more stealthy the more successful.

Re:Less and less active... (1)

NJRoadfan (1254248) | more than 4 years ago | (#33601284)

Most malware nowadays isn't as "visible" as it once was. A lot of it is bot net clients working in the background or browser redirects. The stuff is a royal PITA to find and remove as well.

How many of these sites that were flagged as infected really are? Quite a few ad networks have "poisoned" ad banners in rotation that exploit Flash/Acrobat bugs and have malware payload... did any of these sites, that just happened to be showing one of those ads, get counted as infected?

Re:Less and less active... (1, Interesting)

Anonymous Coward | more than 4 years ago | (#33601420)

If the site serves up an infected ad, the site is infected. Sounds fair to me; if I go to the site, will my computer be attacked? I really don't care if the attack stems from an embedded ad hosted on another server.

Re:Less and less active... (1)

prshaw (712950) | more than 4 years ago | (#33601852)

>> The only thing I can think of is that IE7 and beyond stepped up security enough to make a major impact

Or maybe, just maybe, Norton/McAfee is actually doing something useful?

Re:Less and less active... (1)

drcheap (1897540) | more than 4 years ago | (#33601856)

The only thing I can think of is that IE7 and beyond stepped up security enough to make a major impact.

mod parent funny

Re:Less and less active... (1, Informative)

Anonymous Coward | more than 4 years ago | (#33601928)

Ahahahaha. You've gotta be kidding, right? I work at a computer repair shop and we're seeing half a dozen machines a day getting checked in for malware/malicious software infections. Machines running full antivirus, with patched Windows updates. People GO LOOKING for trouble. When you tell them that clicking the "Dislike" button on Facebook is serving up evil JavaScript and it's not real, or just scan their LimeWire folder and watch them cry, the look on their faces is priceless. People are getting owned every freakin' day, it's just that you never see that side of things because you probably run Linux + NoScript in some sandboxed VM or some shit. Malware is fsck'in EVERYWHERE and your average computer user is just chillin' without a clue on the chopping block.

Re:Less and less active... (1)

Pharmboy (216950) | more than 4 years ago | (#33603320)

I would agree with your assessment. The viral material found on computers is different than 10 years ago, and often the AV catches it in time and just quarantines it, but a quick look at the logs verifies that there is a lot more activity (and profit) in pwning computers today than 10 years ago, as well as more sophisticated methods of serving the malware up.

Re:Less and less active... (0)

Anonymous Coward | more than 4 years ago | (#33602940)

That's mainly because companies like Direct Revenue were shut down. The founders, Alan Murray, Joshua Abram, Daniel Kaufman and Rodney Hook were let off with a slap on the wrist then slithered off into the night. But at least their illegal behavior was stopped.

Here's all the dirty details:
http://www.benedelman.org/news/040706-1.html [benedelman.org]

Re:Less and less active... (1)

ls671 (1122017) | more than 4 years ago | (#33606970)

> but none caused by viruses/spyware/adware/etc

can you please tell me where that etc folder is located ?

I would like to have a look at it to make sure I am safe but I just can't find it.

Thanks ! ;-)

myhost:~# ls /viruses/spyware/adware/etc
ls: /viruses/spyware/adware/etc: No such file or directory
myhost:~# find / | grep viruses/spyware/adware/etc
myhost:~#

Re:Less and less active... (1)

WuphonsReach (684551) | more than 4 years ago | (#33607798)

It seems like in reality virus/adware/spyware infections are down to very, very low levels.

No, they're just more subtle. At least the ones that are attempting to build a botnet to use for DDoS, web hosting of illegal or fraudulent content, or as spam zombies.

But there's also a lot of them that do click-jacking, ad-insertion, or simply misbehave that frankly... even on a patched Windows box, allowing Javascript/Flash to run from every site out there is a bad idea. It's still the primary infection method (and has been for a few years).

It hasn't gotten better, in fact it's gotten a lot worse over the past 3 years. Used to be, we could keep our machines clean if we were careful where we browsed and kept things patched. That's no longer good enough and I see users constantly getting infected by websites. Not seedy websites either, legit and mainstream websites get hacked or they serve up malicious ads from 3rd party networks (hacked or being paid by hackers to serve the ads). I have at least half a dozen acquaintances who end up infected at least once a quarter - until I have them switch over to Firefox+AdBlock or Firefox+NoScript+FlashBlock.

Things are proceeding pretty much right along the path I predicted 2-3 years ago. Javascript/Flash are still the primary attack vectors and more and more people are turning it off, or selectively whitelisting. Blacklisting can't keep up. Signatures can't keep up. Heuristics might, but run the risk of enough false positives that users turn it back off. It's going to eventually kill the rich media ads - because nobody is going to be willing to run Javascript/Flash from random 3rd party sites. Or the sites will start hosting the ads locally, and open themselves up to liability lawsuits for hosting malicious content. (Oh joy.) That's going to do a number on a lot of ad-supported community sites that try to survive by serving up ads.

Re:Less and less active... (0)

Anonymous Coward | more than 4 years ago | (#33609826)

Well, you obviously do not have much experience in the wild... Malware infection for windows machines is rampant! I work as a support tech and at least 9 out of 10 computers I get for repairs are malware-ridden...

Websites get infected because stupid webmasters store their passwords in plain text in tools like Filezilla, and the first trojan around leeches everything and voila.

It's ok... (0)

Anonymous Coward | more than 4 years ago | (#33601258)

Ninety percent of the infections are just on domain parks that nobody really wants to visit.

Malware.. (1)

iONiUM (530420) | more than 4 years ago | (#33601300)

It's like a parasite. It's spreading everywhere. We even use parasitical terms for it (worm, virus, etc). How long until the bulk of the internet becomes supported by this shit? It's kind of sad to see.

Re:Malware.. (1, Funny)

Anonymous Coward | more than 4 years ago | (#33601460)

Calm down. Take a deep breath. Everything is OK.

Re:Malware.. (1)

Sir_Lewk (967686) | more than 4 years ago | (#33601514)

You say it like this is some sort of recent development... this stuff has been around since at least the 70s. Talked about well before then.

And how exactly does malware "support the internet"?

Re:Malware.. (1)

drcheap (1897540) | more than 4 years ago | (#33601906)

And how exactly does malware "support the internet"?

Yeah, it's more that the internet (or rather the users of it) supports the malware/viruses by being ignorant and clicking on stuff that is blatantly not what it claims to be.

That many? Really? (1)

Drakkenmensch (1255800) | more than 4 years ago | (#33601362)

Was this study funded by Symantec? Or possibly McAfee?

I would love to see more data (1)

Ynsats (922697) | more than 4 years ago | (#33601438)

Specifically how many of the sites are pr0n or gambling sites.

how many are SCADA? (1)

bl8n8r (649187) | more than 4 years ago | (#33601870)

..running stuxnet? That's what I really want to know.

No wonder (3, Interesting)

Intron (870560) | more than 4 years ago | (#33602054)

Here's what I see when I go to the linked article:

"Additional plugins are required to display all the media on this page [Install Missing Plugins]"

The web is no longer a provider of linked information. It is a distributed application, portions of which want to run on my PC.

sex 3ith a troll (-1, Troll)

Anonymous Coward | more than 4 years ago | (#33602454)

So, CowboyNeal ... (1)

PPH (736903) | more than 4 years ago | (#33603050)

..., when are you going to allow the <script> tag for Slashdot submissions?

Useless article (1)

erroneus (253617) | more than 4 years ago | (#33603096)

From a "sample" (of unspecified size) they were able to determine that the global internet has at least one million sites infected with malware in Q2?

I need to see the qualifying data to believe this. I would also like to see a breakdown of what software is being run on various servers. Without these bits of information, this is nothing more than an advertisement.

Rrrrriiiight... (1)

IonOtter (629215) | more than 4 years ago | (#33606334)

Right, okay, fine. Sites like grabbernosepickle, chickendiesel, omniflightboxtops and coldrussianmedicationgirls.com are all infected with malware. Ooooh, scary. I'm quaking in my boots, here.

Seriously, if the domain is seen in a spam, chances are it's infected. Now, if only we could nuke those idiots who actually click on links in spam...
