Mainstream Euro Websites Host More Malware than Porn Sites
YNOT EUROPE – Despite a mid-June report that surfing adult websites leads to increased risk of malware infection, a Prague-based security firm on Monday said exactly the reverse may be true.
According to a report from Avast Software, developer of award-winning antivirus systems, surfers are in far more danger of suffering drive-by or other malware infections from legitimate or mainstream websites than from online porn.
“We are not recommending people to start searching for erotic content — not at all,” Avast Chief Technology Officer Ondrej Vlcek said. “But the statistics are clear: For every infected adult domain we identify, there are 99 others with perfectly legitimate content that are also infected.”
In the UK, for example, Avast has seen more infected domains containing the word “London” (such as the blog section of Kensington-London-Hotels.co.uk) than domains containing the word “sex.” In one notorious recent case, the Vodafone UK website transmitted infections to thousands of smartphone users, demonstrating “how advanced the bad guys are at finding ways to deliver the malware to internet users,” Vlcek said.
The Vodafone infection, which was confirmed as still present Monday morning, is HTML:Script-inf, which evolved from two JavaScript redirect exploits (JS:illRedir and JS:illiframe). This type of infection is widespread and accounts for 20 percent of all infected UK pages, Vlcek noted. The infection takes advantage of a two-week-old Microsoft Windows vulnerability.
“The problem is particularly bad because the CVE-2010-1885 vulnerability targets the most widely used version of Windows, and at the present time it is still un-patched,” Vlcek said. “This means that even if a user is running a fully updated Windows XP SP3 [system] with all the security patches, the user is still vulnerable.”
Vodafone HTML pages seem to be particularly subject to malware invasions, Vlcek noted. Another threat has been present on the BlackBerry.Vodafone.co.uk sub-domain for several weeks. Although the malicious code is active on the pages, the script attempts to redirect users to a “payload site” that has been pulled offline.
“Users browsing the Vodafone domain should be safe [for now], until a new hack/updated hack will be performed,” Avast researcher Miloslav Korenko told The Register. “Of course, the Blackberry section of Vodafone.co.uk website needs to be cleaned as well, to prevent future attacks similar to this one.”
According to Korenko, the Vodafone hacks are typical of the type that accounts for one in five website infections. Avast culls its statistics from anonymous security incident logs submitted by users of its software. Collected data includes malware type, visited website and type of tested application.
Other commonly infected mainstream sites include Brazilian software download site Baixaki and a variety of small business sites in Germany. However, a declining rate of infections on adult websites has been a clear trend since last year, Vlcek said.