AVG notes rise in number of malicious Web sites

Web sites rigged with malicious code are becoming more numerous by the day, according to new research from security vendor AVG Technologies.

Web sites rigged with malicious code are becoming more numerous by the day, but the time those sites are online is declining, according to new research from security vendor AVG Technologies.

AVG is seeing between 200,000 to 300,000 new Web sites per day hosting code that can in some cases result in a PC being infected with malware just by visiting the site, said Roger Thompson, AVG's chief research officer.

Up to 70 percent of those Web sites are regular ones that have been hacked in order to host malicious code, a statistic that shows how poor Web site security is across the Internet. The remainder are custom-built sites, he said.

Of those custom-built sites, however, there is some positive news. One common social-engineering trick is to put up a Web site offering codecs, or bits of software used to encode and decode video files. While purporting to be a codec, the file is often malicious software designed to steal data.

AVG found that up to 94 percent of the fake codec Web sites are taken offline within 10 days, with 62 percent taken down in a day or less. In the past, the sites may have stayed online as long as two weeks, showing that ISPs (Internet service providers) appear to be acting faster to remove them and current mechanisms for reporting bad Web sites are having an impact.

Still, the sheer number of sites infected may mean that the time online is less important as long as the hackers are attracting traffic.

Thompson said many hackers seek out less-professional Web sites with unpatched versions of "htaccess," a configuration file used to manage access to certain pages on a Web site.

Htaccess is a powerful file, since it can be manipulated to redirect users to other Web sites depending on how they came to the Web site, Thompson said. For example, it can be configured to direct users who found the Web site through Yahoo or Google to a different, hostile Web site which looks to see if the PC is potentially hackable.

But if the hostile Web site is being visited by a bot and not coming from a search engine, the site will refuse to serve up any exploits, making it difficult for security analysts to automatically scan the Web for bad sites, Thompson said.

However, hackers are getting lazy. They often reuse the same JavaScript and HTML (Hypertext Markup Language) code used to launch attacks, which makes those attacks easy to identify. That's good, since the underlying binary attack code can often also be tricky for security software to identify.

"That's a pretty good bottleneck," Thompson said. "It's like having a letter bomb with the outside of the envelope saying 'I'm a bomb'."

Thompson developed a product called LinkScanner that scans Web sites to see if it hosts malware. He sold his company, Exploit Prevention Labs, to AVG -- then Grisoft -- in December 2007. AVG has since incorporated LinkScanner into its free product, AVG 8.0 Free Edition.

Tags exploits and vulnerabilitiessecurityAVG

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Jeremy Kirk

IDG News Service

Comments

Comments are now closed.

Most Popular Reviews

Follow Us

Best Deals on GoodGearGuide

Shopping.com

Latest News Articles

Resources

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Latest Jobs

Shopping.com

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?