I found an interesting link after visiting Zeno’s post on a Malware paper produced by Google to document malware on the internet. Firstly, let me start by saying, this is a really good paper, as it discusses the ways in which malware propagates. Not that it’ll be news to anyone who reads this site religiously, but it’s still interesting to see all our theories validated.
Secondly, be wary of the statistic 1 out of 10 websites have malware. Google hand selected 17 million and only did a deep dive into 4.5 million sites out of their own repository. It’s well known that Google does not spider the entire internet (it’s a very small portion in reality) and also, they picked those URLs because they were likely conduits. They weren’t arbitrary. So let’s just take that statistic off the table. Yes, the Internet is a scary place, but not 1 out of 10 sites actively trying to screw you scary.
But back to the interesting stuff for a minute. They point to a large number of the exploits found having to do with website vulnerabilities, including those found within ASP and PHP and additionally a big chunk was delivered through holes in the site that allowed XSS. That XSS may have been intentional in the case of widgets or advertising or not, but in the end, it’s bad.
I should also point out that this doesn’t say anything about sites that attempt to do things like CSRF, or servers that have been compromised in other ways that allow the attacker to quietly steal user data. For instance, SQL injection or server vulnerabilities that just allow a back door into the system to pull confidential info out of the database.