One in 10 web pages scrutinised by search giant Google contained malicious code that could infect a user's PC.
Researchers from the firm surveyed billions of sites, subjecting 4.5 million pages to "in-depth analysis".
About 450,000 were capable of launching so-called "drive-by downloads", sites that install malicious code, such as spyware, without a user's knowledge.
A further 700,000 pages were thought to contain code that could compromise a user's computer, the team report.
To address the problem, the researchers say the company has "started an effort to identify all web pages on the internet that could be malicious".
Drive-by downloads are an increasingly common way to infect a computer or steal sensitive information.
They usually consist of malicious programs that automatically install when a potential victim visits a booby-trapped website.
"To entice users to install malware, adversaries employ social engineering," wrote Google researcher Niels Provos and his colleagues in a paper titled The Ghost In The Browser.
"The user is presented with links that promise access to 'interesting' pages with explicit pornographic content, copyrighted software or media. A common example are sites that display thumbnails to adult videos."
The vast majority exploit vulnerabilities in Microsoft's Internet Explorer browser to install themselves.
0 comments:
Post a Comment