Feeds

Regular domains beat smut sites at hosting malware

99 to 1, study finds

3 Big data security analytics techniques

New research pours scorn on the comforting but erroneous belief that Windows surfers who avoid smut and wares on the web are likely to avoid exposure to malware.

A study by free anti-virus firm Avast found 99 infected legitimate domains for every infected adult web site. In the UK, Avast found that more infected domains contained the word "London" (such as the blog section of http://kensington-london-hotels.co.uk) than the word "sex". Among the domains labelled as infected by Avast was the smart phones section of the Vodafone UK website. The mobile phone operator's site contained a malicious JavaScript redirect script that attempted to take advantage of an unpatched Windows Help and Support Centre flaw (CVE-2010-1885) to infect the machines of visiting surfers.

HTML files from sub-domain blackberry.vodafone.co.uk still contain malicious code at the time of writing but point to a site containing the attack payload site that has been pulled offline.

"Users browsing Vodafone domain should be safe - until new hack/updated hack will be performed," Avast researcher Miloslav Korenko told The Reg. "This may happen in the same way as the first hack.

"Of course, the Blackberry section of Vodafone.co.uk website needs to be cleaned as well - to prevent future attack similar to this one."

We have passed on details of the problem to Vodafone and will update this story as and when we get a response.

The type of attack against Vodafone is typical of one in five of the website infections identified by Avast. The anti-virus firm's results were culled from anonymous security incident logs submitted by users of its security software since the middle of last year. Data submitted includes information on the malware type and visited website, from which Avast draws its conclusions that infection of regular legitimate websites is a far more common cause of problems than visits to smut sites.

Infected sites recorded by the study include Brazilian software download site Baixaki and a variety of small business websites in Germany. Avast said a declining rate of the infections on ‘adult’ websites during its study emerged as a clear trend.

"We are not recommending people to start searching for erotic content but the statistics are clear - for every infected adult domain we identify there are 99 others with perfectly legitimate content that are also infected," commented Avast CTO Ondrej Vlcek. ®

3 Big data security analytics techniques

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Samsung Galaxy S5 fingerprint scanner hacked in just 4 DAYS
Sammy's newbie cooked slower than iPhone, also costs more to build
Putin tells Snowden: Russia conducts no US-style mass surveillance
Gov't is too broke for that, Russian prez says
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
Mounties always get their man: Heartbleed 'hacker', 19, CUFFED
Canadian teen accused of raiding tax computers using OpenSSL bug
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
Heartbleed exploit, inoculation, both released
File under 'this is going to hurt you more than it hurts me'
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.