Finjan Inc, a web security solutions provider, just confirmed the results that Google’s security team and IBM’s X-Force reported. The one thing the three could agree on was that online criminals are exploiting vulnerabilities in end users’ web browsers by using drive-by downloads for identity theft, for gaining access to online accounts and for some other illicit revenue-generating activities, M2.com writes.
Google’s Niels Provos, a security engineer, led the team that studied billions of URLs over a 10-month period (January 2007 – October 2007). Out of the 66,534,330 URLs checked, 3,385,889 were suspicious and 3,417,590 downright malicious, pointing to 181,699 landing sites. These might sound like just numbers to many, but the impact on the end user, as the team pointed out, is that every search run through Google will return "at least one malicious result, with an average approaching 1.3 percent of the overall incoming search queries."
One study, often quoted by people who want to demonstrate that the Internet is an evil place to be, shows that starting from any site, without exception, you can reach porn-related content by clicking on the links provided there (feel free to try it if you don’t believe it). It’s pretty much the same with malware, except that the proportion is much smaller: "about 0.6% of the top million URLs that appeared most frequently in Google’s search results led to exposure to malicious activity at some point," the report said. If you often click on advertisements, you should be aware that, according to the findings, on average 2 percent of the malicious websites delivered their load via advertising.
The solution suggested by Finjan was that users turn to additional security technologies that are able to identify malware by its intended behavior, "as relying on signatures that only scan what web content looks like, or on URL filtering that checks where web content came from," as M2 wrote.