All that user-generated content? 95% is malware, spam

The latest research from Websense Security Labs paints a dreary but familiar picture of the state of online security threats. Echoing the bad news of other such recent reports, it seems the vast majority of the Web consists of malware and spam. Worse yet, even legitimate, well-known sites are being used to pump malware, SEO poisoning, or phishing attacks.

Websense uses a global network of systems to scan and analyze over 40 billion websites every hour, tracking malware and other unwanted content. The results for the latter half of 2009 show a 225 percent increase in malicious websites. Worse, 71 percent of websites found to contain some malicious code were in fact legitimate websites that had been compromised in some way.

One way that hackers are infiltrating the Web is by "SEO poisoning," or using SEO techniques to pump up the ranking of malicious websites in search results to make them appear legitimate. On average, 14 percent of top search results for a given "hot" topic on Google led to a malicious website.

This method has proven fairly successful, since it can easily adapt to changing search trends and get around detection. Malicious websites looking to cash in on "Google Wave invites" can use botnets to artificially inflate search rankings. As soon as the sites are discovered and filtered from search results, botnets can be instructed to move on to the next hot topic, such as "MTV VMA awards" or "Brittany Murphy death."

Still, hackers and spammers are increasingly going after legitimate websites, which already appear in top search results and often are considered "safe" or "trusted" by security filters. The top 100 most-visited websites represent the vast majority of Web traffic, and consist mainly of social networking and search sites. Malware is injected via "user-generated content," such as news items, posted links, and comments.

Spotting a spam comment used to be quite easy, but separating the wheat from the chaff is becoming more and more difficult. Websense analysis revealed that 95 percent of all user-generated content is spam, malware, or both. (The notion that the Internet could be the great equalizer turned out to be true after all; unfortunately, it's mostly making suckers out of all of us.)

Attacks are also becoming more and more sophisticated and targeted. E-mail is still largely spam, about 85 percent, but 81 percent also contains links to malicious websites. In the second half of 2009, hackers used exploits in Internet Explorer, Outlook Web Access, and hacked Hotmail, Gmail, and Yahoo accounts to send ever-more personalized e-mails, which can fool the receiver into believing the e-mail came from a legitimate source. These e-mails will then link back directly to malware or phishing sites, or indirectly by linking to content on a legitimate site that leads to a malicious website.

Savvy users who maintain constant vigilance may not have too much trouble spotting attempts to hijack legitimate content. Ultimately, however, the increases in malicious websites or content that appear to be legitimate simply make it harder and harder for the average person to know who, or what, to trust online. And when just five percent of user-generated content isn't spam or malware, many may question the utility of bothering to discern a difference.

Source: ars technica

Tags: Internet, spam

Add comment

Your name:
Sign in with:
Your comment:

Enter code:

E-mail (not required)
E-mail will not be disclosed to the third party

Last news

Galaxy Note10 really is built around a 6.7-inch display
You may still be able to download your content
Facebook, Messenger and Instagram are all going away
Minimize apps to a floating, always-on-top bubble
Japan Display has been providing LCDs for the iPhone XR, the only LCD model in Apple’s 2018 line-up
The 2001 operating system has reached its lowest share level
The entire TSMC 5nm design infrastructure is available now from TSMC
The smartphone uses a Snapdragon 660 processor running Android 9 Pie
The Samsung Galaxy A5 (2017) Review
The evolution of the successful smartphone, now with a waterproof body and USB Type-C
February 7, 2017 / 2
Samsung Galaxy TabPro S - a tablet with the Windows-keyboard
The first Windows-tablet with the 12-inch display Super AMOLED
June 7, 2016 /
Keyboards for iOS
Ten iOS keyboards review
July 18, 2015 /
Samsung E1200 Mobile Phone Review
A cheap phone with a good screen
March 8, 2015 / 4
Creative Sound Blaster Z sound card review
Good sound for those who are not satisfied with the onboard solution
September 25, 2014 / 2
Samsung Galaxy Gear: Smartwatch at High Price
The first smartwatch from Samsung - almost a smartphone with a small body
December 19, 2013 /

News Archive



Do you use microSD card with your phone?
or leave your own version in comments (16)