Google Finds 10% of Sites to be Dangerous

Google has done a study of millions of Web sites and finds security problems in around 10%. ZDNet reports:

The search giant carried out in-depth research on 4.5 million Web sites and found that about one in 10 Web pages could successfully “drive-by download” a Trojan horse virus onto a visitor’s computer. Such malicious software potentially enables hackers to access sensitive data stored on the computer or its network, or to install rogue applications.

A PDF file of the Google study, “The Ghost in the Browser,” can be downloaded here. The report cites JavaScript and ActiveX as a popular means for the viral downloads:

To install malware automatically when a user visits a web page, an adversary can choose to exploit flaws in either the browser or automatically launched external programs and extensions. This type of attack is known as drive-by-download. Our data corpus shows that multiple exploits are often used in tandem, to download, store and then execute a malware binary.

A popular exploit we encountered takes advantage of a vulnerability in Microsoft’s Data Access Components that allows arbitrary code execution on a user’s computer [6]. The following example illustrates the steps taken by an adversary to leverage this vulnerability into remote code execution:

• The exploit is delivered to a user’s browser via an iframe on a compromised web page.

• The iframe contains Javascript to instantiate an ActiveX object that is not normally safe for scripting.

• The Javascript makes an XMLHTTP request to retrieve an executable.

• Adodb.stream is used to write the executable to disk.

• A Shell.Application is used to launch the newly written executable.

A twenty line Javascript can reliably accomplish this sequence of steps to launch any binary on a vulnerable installation.

Depending on your security settings, these threats can be mitigated. I have discussed configuring your browser for greater safety in some depth at another site. Note that disabling scripting for sites not specifically trusted is a defense that I have discussed before and one that I personally use. You have to put up with some annoyance but security always has a price in convenience.
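The download, store and execute sequence quoted above leaves recognizable names in page source, so a defender can triage saved pages for it. The following is an added example, not code from the Google study or from this post; the stage names, regexes and sample pages are assumptions constructed for illustration.

```python
import re

# Stage -> pattern. Stage names follow the quoted steps; the regexes are
# assumptions of this example, not signatures from the Google study.
STAGES = {
    "deliver": re.compile(r"<iframe\b", re.I),
    "download": re.compile(r"xmlhttp", re.I),
    "store": re.compile(r"adodb\.stream", re.I),
    "execute": re.compile(r"shell\.application", re.I),
}
# Joins adjacent string literals such as "Adodb." + "Stream".
CONCAT = re.compile(r"""["']\s*\+\s*["']""")


def stages_present(page: str) -> set:
    """Return the stages whose indicator appears in the page source."""
    text = CONCAT.sub("", page)
    return {name for name, rx in STAGES.items() if rx.search(text)}


def classify(page: str) -> str:
    """'chain' when download, store and execute all appear together."""
    found = stages_present(page)
    if {"download", "store", "execute"} <= found:
        return "chain"
    if found & {"store", "execute"}:
        return "suspicious"
    return "clean"


# Constructed samples: inert fragments that only name the objects.
SAMPLE_CHAIN = """
<iframe src="frame.html" width="0" height="0"></iframe>
<script>
var names = ["Microsoft.XMLHTTP", "Adodb." + "Stream", "Shell.Applic" + "ation"];
</script>
"""
SAMPLE_BENIGN = """
<iframe src="map.html"></iframe>
<script>var r = new XMLHttpRequest();</script>
"""

if __name__ == "__main__":
    for label, page in (("chain", SAMPLE_CHAIN), ("benign", SAMPLE_BENIGN)):
        print(label, classify(page), sorted(stages_present(page)))
```

An iframe plus an XMLHTTP request alone is ordinary web code and stays "clean"; only the store and execute objects raise the verdict. Static matching like this handles simple string splitting only and will miss scripts that build the names at run time.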
