Wednesday, May 30

The Ghost In The Browser

I read Google's paper "The Ghost In The Browser Analysis of Web-based Malware". The fact is astonished: 10% note* of websites have malicious code to (at least try to) exploit visitor's computer, including my website.

In my website I deployed a free counter to send me report of visitors. From the report I can know when is the best time people visiting my page and how they found my website, and what kind of technology they are using: Most of my visitors are using 1024*768 monitors, which means that I should design my site according to this dimension. This kind of information is invaluable. In each page of my website I embed a short HTML code from the free counter provider to perform this survey. The provider's name was "NedStat", then changed as "webstats", and now it is "motigo webstats". I have been using this free counter since 2002.

In the Google's paper, this is an example telling webmasters to be cautious with Third-Party Widgets:
This widget used to keep statistics of the number of visitors since 2002 until it was turned into a malware infection vector in 2006... The web counter was benign for over four years and then drastically changed behavior to exploit any user visiting the site. This clearly demonstrates that any delegation of web content should only happen when the third party can be trusted.
Now it is deleted from my website.

note*: BBC said "One in 10 web pages scrutinised contained malicious code". Maybe that is not true. The origin word from the paper is:
We analyzed the content of several billion URLs and executed an in-depth analysis of approximately 4.5 million URLs. From that set, we found about 450,000 URLs that (is malicious)

So I would say that the rate is 450,000 out of several billion.

Labels: ,