All that user-generated content? 95% is malware, spam

The latest research from Websense Security Labs paints a dreary but familiar picture of the state of online security threats. Echoing the bad news of other such recent reports, it seems the vast majority of the Web consists of malware and spam. Worse yet, even legitimate, well-known sites are being used to pump malware, SEO poisoning, or phishing attacks.

Websense uses a global network of systems to scan and analyze over 40 billion websites every hour, tracking malware and other unwanted content. The results for the latter half of 2009 show a 225 percent increase in malicious websites. Worse, 71 percent of websites found to contain some malicious code were in fact legitimate websites that had been compromised in some way.

One way that hackers are infiltrating the Web is by "SEO poisoning," or using SEO techniques to pump up the ranking of malicious websites in search results to make them appear legitimate. On average, 14 percent of top search results for a given "hot" topic on Google led to a malicious website.

This method has proven fairly successful, since it can easily adapt to changing search trends and get around detection. Malicious websites looking to cash in on "Google Wave invites" can use botnets to artificially inflate search rankings. As soon as the sites are discovered and filtered from search results, botnets can be instructed to move on to the next hot topic, such as "MTV VMA awards" or "Brittany Murphy death."

Still, hackers and spammers are increasingly going after legitimate websites, which already appear in top search results and often are considered "safe" or "trusted" by security filters. The top 100 most-visited websites represent the vast majority of Web traffic, and consist mainly of social networking and search sites. Malware is injected via "user-generated content," such as news items, posted links, and comments.

Spotting a spam comment used to be quite easy, but separating the wheat from the chaff is becoming more and more difficult. Websense analysis revealed that 95 percent of all user-generated content is spam, malware, or both. (The notion that the Internet could be the great equalizer turned out to be true after all; unfortunately, it's mostly making suckers out of all of us.)

Attacks are also becoming more and more sophisticated and targeted. E-mail is still largely spam, about 85 percent, but 81 percent also contains links to malicious websites. In the second half of 2009, hackers used exploits in Internet Explorer, Outlook Web Access, and hacked Hotmail, Gmail, and Yahoo accounts to send ever-more personalized e-mails, which can fool the receiver into believing the e-mail came from a legitimate source. These e-mails will then link back directly to malware or phishing sites, or indirectly by linking to content on a legitimate site that leads to a malicious website.

Savvy users who maintain constant vigilance may not have too much trouble spotting attempts to hijack legitimate content. Ultimately, however, the increases in malicious websites or content that appear to be legitimate simply make it harder and harder for the average person to know who, or what, to trust online. And when just five percent of user-generated content isn't spam or malware, many may question the utility of bothering to discern a difference.

Source: ars technica

Tags: Internet, spam

Comments
Add comment

Your name:
Sign in with:
or
Your comment:


Enter code:

E-mail (not required)
E-mail will not be disclosed to the third party


Last news

 
The NVIDIA GeForce GTX 1180 will be Turing-based with a 12nm FinFET die shrink
 
This only works on posts made by profiles that are public
 
 
The device will be standalone and based on a Qualcomm chipset
 
Apple plans on offering a cheaper smart speaker that will be priced at $199
 
Chrome will adopt a new approach to indicating site security
 
Data shows they are leading smartphone sale worldwide
 
Is this an error or it is really happening?
The Samsung Galaxy A5 (2017) Review
The evolution of the successful smartphone, now with a waterproof body and USB Type-C
February 7, 2017 /
Samsung Galaxy TabPro S - a tablet with the Windows-keyboard
The first Windows-tablet with the 12-inch display Super AMOLED
June 7, 2016 /
Keyboards for iOS
Ten iOS keyboards review
July 18, 2015 /
Samsung E1200 Mobile Phone Review
A cheap phone with a good screen
March 8, 2015 / 4
Creative Sound Blaster Z sound card review
Good sound for those who are not satisfied with the onboard solution
September 25, 2014 / 2
Samsung Galaxy Gear: Smartwatch at High Price
The first smartwatch from Samsung - almost a smartphone with a small body
December 19, 2013 /
 
 

News Archive

 
 
SuMoTuWeThFrSa
  12345
6789101112
13141516171819
20212223242526
2728293031  




Poll

Do you use microSD card with your phone?
or leave your own version in comments (10)