Many people thing that the majority of the malware on the Internet comes from so called “bad” sites such as porn, gambling, dating sites, etc causing what is termed a “drive by download” where an unsuspecting user visits a site that looks legitimate but it actually silently downloads and installed malware on the PC. A recent Google report shows that it isn’t just porn sites that are causing malware drive bys.

Niels Provos, a friend and great researcher, posts on the Google Online Security Blog that of the 7 million URLs they searched and cross referenced within DMOZ (an open directory of website), every DMOZ category contained a malicious website that did a drive by download. That’s right, attackers realize that people look at more than just porn on the Internet and have adjusted their sites to cater to pretty much any type of content.

Why is this important? Well it goes to show you that limiting Internet access(read web content filtering) to your corporate users based on a couple simple categories isn’t going to prevent malware from firing a drive by on one of your workstations. You still need to implement a defense in depth strategy and have other technologies helping prevent the drive by malware attack.

Source: http://googleonlinesecurity.blogspot.com/2008/02/all-your-iframe-are-point-to-us.html

This entry was posted on Monday, February 18th, 2008 at 8:29 am and is filed under Network security. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.