Tuesday, February 19, 2008

Google Report on Web Attacks

According to a recent report by Google, as many as one in a 1,000 web pages carry malicious code or links to malicious code. The report, which called the majority of attacks "drive-by downloads," isn't really news. Web attacks are the hacker tool of choice these days as firewalls and networks have gotten tougher.

The report was compiled by Neils Provo, a senior researcher at Google, and some of his colleagues.

What's new is the scale of affected sites. What's not new, again, is that even good, clean, well-meaning sites -- not just porn -- can be seeded with malware. You're not safe if even if you're cyberchaste and avoid porn, gambling or other vice and sleaze sites.

A post on Google's security blog noted part of the problem is that 38% of versions of Apache and PHP are outdated. As a result, these web servers are susceptible to the types of injection attacks that dump malware on their web sites.

Now, that said, there's always the possibility Google could tag a legitimate site as malicious. But, not to worry, Google has that covered too. They have instructions on what to do if they've fingered your site.

They also have an explanation of how they find sites with malware and some general tips on securing your web site.


Post a Comment

<< Home