One Million Sites Infected With Malware In Q2

Trailrunner7 writes "More than one million Web domains were infected with malicious code in the second quarter of 2010 — around one percent of all active Web domains, according to new data. The number of infected domains was extrapolated from data gained through a sample scan of what Dasient describes as 'millions of Web sites,' as well as from customer deployments. It suggests that compromises of Web sites are on the rise, as attackers look to push out malicious programs through so-called drive by download attacks."

Re:

[SpaceLifeForm]

Microsoft is innovative!

Of course you have.

[AnonymousClown]

Web anti malware firm Dasient has published data claiming that more than 1 million Web sites were compromised in the second quarter, 2010 - a sharp increase.

*In Sean Connery's James Bond voice* Of course they have.

Re:

[camperslo]

It's been a busy year for malware with many recent reports of issues [theregister.co.uk].

GData Software , a German anti-virus firm, reports [gdatasoftware.co.uk] "Malware for Windows the undisputed number 1
Windows users are still the number one target: 99.4 percent of all new malware of the first half of this year was written for Microsoft's operating system. The other 0.6% targeted systems that contain e.g. Unix or Java technologies." That .6 % includes phones.
Of the 1,017, 208 new malware programs, over a million target Windows.

*domains* infected? What?

[Kaz Kylheku]

A domain is a node in the DNS namespace. How does that get infected?

If a web server hosts 20 domains, and is infected, does that count as 20 infections?

"Web site", "domain" and "host" are not interchangeable.

Um yeah..

[DrgnDancer]

The only Malware we were infected by in Q2 was McAfee. It decided a few critical systems files were viruses and shut us down for hours. Stupid Malware creators.

Re:

[Ironhandx]

Windows 7 decided that an executable that I had on my computer(that I myself had just compiled) was a trojan and over reacted so hard that it fragged explorer.

Fun times for all!

Re:

[vux984]

Windows 7 decided that an executable that I had on my computer(that I myself had just compiled) was a trojan...

I'm curious why you think Windows 7 was wrong? ;)

Re:

[mcgrew]

Well, if it had been Linux that told him it was a trojan Linux would have been wrong, because it was his own program. But since Microsoft really owns all Windows computers (ragardless of who paid for them) Windows was right. Keep your nasty programs off of Bill's computer! You can only run what Bill allows you to run.

Re:

[vux984]

Well, if it had been Linux that told him it was a trojan Linux would have been wrong, because it was his own program.

Actually the fact that he compiled or even wrote it himself doesn't at all remove the possibility that it is a trojan.

Re:

[mcgrew]

It isn't a trojan until it gets in someone else's machine. If you know it's a trojan and you install it anyway, it's no longer a trojan. Suicide isn't murder. A firearm isn't a weapon until it's aimed at a human; a .22 to hunt squirrels is a hunting rifle, although it can still be used as a weapon.

However, you're right that it could have been meant to be a trojan, and yes, it's possible to trojan a Linux box.

Re:

[Aighearach]

Lets ask the squirrel about that one.

Oh, wait.

I am a squirrel you insensitive clod!

Re:

[vux984]

It isn't a trojan until it gets in someone else's machine. If you know it's a trojan and you install it anyway, it's no longer a trojan.

1) Just because he compiled it, doesn't mean he knew it was a trojan. One could download source from the web and compile it, and get a trojan as a result.

2) Even if he wrote it, it could be the result of a multiple-personality disorder coding against him... :D

3) I disagree that intent matters. Even if he wrote it himself, knowing full well what it was... I'm not sure I buy

Re:

[Anonymous Coward]

Ummm, Windows 7 can't decide anything is a trojan. Your antivirus software may have, which may happen to be Microsoft Antivirus, but that is no more Windows 7 than Word is. Also, as a dev you should know better than to real time scan your dev directories, that kind of shit happens.

Re:

[Anonymous Coward]

Ummm, Windows 7 can't decide anything is a trojan. Your antivirus software may have, which may happen to be Microsoft Antivirus, but that is no more Windows 7 than Word is. Also, as a dev you should know better than to real time scan your dev directories, that kind of shit happens.

No, it was Windows7AntiVirus 2011. Even after I paid $30 it wouldn't clean it. And they charged my credit card twice! At least it runs better than XPAntivirus 2010 did on Windows 7.

All kidding aside, Microsoft Security Essentials is a good program.

Re:

[alvinrod]

This was modded funny, but he's not actually joking. McAfee did have this problem that caused a machine to go into a cycle of continuous reboots. Here's the Slashdot story covering the issue. [slashdot.org] I remember being on vacation when it happened and the sysadmins saying that it caused all sorts of headaches for them.

McAfee probably has probably caused more problems for us than actual virus infections as well. Not to mention that it's an evil piece of bloatware the slows down machines horrible. By my estimates up

Less and less active...

[Darkness404]

It seems like in reality virus/adware/spyware infections are down to very, very low levels.

It used to be in the late 90s to early-to-mid 2000s there would be people left and right with adware that popped up stuff and computers would grind to a halt. Today, I'm not seeing that on anyone's computer that I've done tech support for. I have seen a bunch of systems grind to a halt due to Norton/McAfee, but none caused by viruses/spyware/adware/etc. The only thing I can think of is that IE7 and beyond stepped up security enough to make a major impact.

So even though "threat analyzers" pull up scary numbers, I'm not seeing the results in the wild.

Re:Less and less active...

[HungryHobo]

it just means the malware authors have grown up and want a paycheck.
It used to be that half the viruses were showy things written by amatures who wanted to fuck around.
most of the rest were trying to cash in on ad revenue from popups.

Now there's less money in popups(most of the big ad providers don't like being associated with malware) so the malware just sits quietly trying to steal your credit card number.
The more stealthy the more successful.

Re:

[NJRoadfan]

Most malware nowadays isn't as "visible" as it once was. A lot of it is bot net clients working in the background or browser redirects. The stuff is a royal PITA to find and remove as well.

How many of these sites that were flagged as infected really are? Quite a few ad networks have "poisoned" ad banners in rotation that exploit Flash/Acrobat bugs and have malware payload... did any of these sites, that just happened to be showing one of those ads, get counted as infected?

Re:

[Anonymous Coward]

If the site serves up an infected ad, the site is infected. Sounds fair to me; if I go to the site, will my computer be attacked? I really don't care if the attack stems from an embedded ad hosted on another server.

Re:

[prshaw]

>> The only thing I can think of is that IE7 and beyond stepped up security enough to make a major impact

Or maybe, just maybe, Norton/McAfee is actually doing something usefull?

Re:

[drcheap]

The only thing I can think of is that IE7 and beyond stepped up security enough to make a major impact.

mod parent funny

Re:

[Anonymous Coward]

Ahahahaha. You've gotta be kidding, right? I work at a computer repair shop and we're seeing half a dozen machines a day getting checked in for malware/malicious software infections. Machines running full antivirus, with patched Windows updates. People GO LOOKING for trouble. When you tell them that clicking the "Dislike" button on Facebook is serving up evil JavaScript and it's not real, or just scan their LimeWire folder and watch them cry, the look on their faces is priceless. People are getting owned ev

Re:

[Pharmboy]

I would agree with your assessment. The viral material found on computers is different than 10 years ago, and often the AV catches it in time and just quarantines it, but a quick look at the logs verifies that there is a lot more activity (and profit) in pwning computers today than 10 years ago, as well as more sophisticated methods of serving the malware up.

Re:

[ls671]

> but none caused by viruses/spyware/adware/etc

can you please tell me where that etc folder is located ?

I would like to have a look at it to make sure I am safe but I just can't find it.

Thanks ! ;-)

myhost:~# ls /viruses/spyware/adware/etc
ls: /viruses/spyware/adware/etc: No such file or directory
myhost:~# find / | grep viruses/spyware/adware/etc
myhost:~#

Re:

[WuphonsReach]

It seems like in reality virus/adware/spyware infections are down to very, very low levels.

No, they're just more subtle. At least the ones that are attempting to build a botnet to use for DDoS, web hosting of illegal or fraudulent content, or as spam zombies.

But there's also a lot of them that do click-jacking, ad-insertion, or simply misbehave that frankly... even on a patched Windows box, allowing Javascript/Flash to run from every site out there is a bad idea. It's still the primary infection met

Malware..

[iONiUM]

It's like a parasite. It's spreading everywhere. We even use parasitical terms for it (worm, virus, etc). How long until the bulk of the internet becomes supported by this shit? It's kind of sad to see.

Re:

[Anonymous Coward]

Calm down. Take a deep breath. Everything is OK.

Re:

[Sir_Lewk]

You say it like this is some sort of recent development... this stuff has been around since at least the 70s. Talked about well before then.

And how exactly does malware "support the internet"?

Re:

[drcheap]

And how exactly does malware "support the internet"?

Yeah, it's more that the internet (or rather the users of it) supports the malware/viruses by being ignorant and clicking on stuff that is blatently not what it claims to be.

That many? Really?

[Drakkenmensch]

Was this study funded by Symantech? Or possibly Mcafee?

I would love to see more data

[Ynsats]

Specifically how many of the sites are pr0n or gambling sites.

how many are SCADA?

[bl8n8r]

..running stuxnet? That's what I really want to know.

No wonder

[Intron]

Here's what I see when I go to the linked article:

"Additional plugins are required to display all the media on this page [Install Missing Plugins]"

The web is no longer a provider of linked information. It is a distributed application, portions of which want to run on my PC.

So, CowboyNeal ...

[PPH]

..., when are you going to allow the <script> tag for Slashdot submissions?

Useless article

[erroneus]

From a "sample" (of unspecified size) they were able to determine that the global internet has at least one million sites infected with malware in Q2?

I need to see the qualifying data to believe this. I would also like to see a breakdown of what software is being run on various servers. Without these bits of information, this is nothing more than an advertisement.

Rrrrriiiight...

[IonOtter]

Right, okay, fine. Sites like grabbernosepickle, chickendiesel, omniflightboxtops and coldrussianmedicationgirls.com are all infected with malware. Ooooh, scary. I'm quaking in my boots, here.

Seriously, if the domain is seen in a spam, chances are it's infected. Now, if only we could nuke those idiots who actually click on links in spam...