Malware Infections Are Usually From "Legitimate" Websites

Google Transparency Report Malicious Web Data

You're more likely to encounter malware through reputable, hacked services than seedy, illicit websites.

If you've spent even a small amount of time on the internet, you're probably aware of a simple fact: Malware is everywhere. Everywhere. Hiding in your computer, tracking your private data, and generally being a pain in everyone's digital rear end. Thankfully, there's lots of advice on avoiding malware infections, the most common being to show discretion with the pages you visit. Just avoid obscure and untrusted "phishing" websites asking for personal information, and you'll bypass 90-95% of the bad stuff, right? According to Google, no, not really. The web giant has updated its Transparency Report with breakdowns on common infection sources, revealing the biggest malware culprits to be compromised "legitimate" pages that unwittingly take advantage of visitors.

Let's make one thing clear: It is still a horrible idea to just visit some illicit porn site and start downloading everything you see. That will turn out badly. What Google's saying is that the vast majority of malware infections come from perfectly legal services which most users assume are safe. Some are small Mom-and-Pop operations, others could be significantly larger, but all have vulnerabilities that hackers took advantage of. Google blocks approximately 10,000 of these websites per day to stem the tide, but with up to 90,000 infections detected during especially infectious weeks, the company is clearly involved in a long-term struggle.

That said, it's not all bad news. As webmasters become more aware of online security, the response time between detecting an infection and repairing it has dropped dramatically in recent years. Google's Safe Browsing, for example, informs users and webmasters when websites have been compromised, discouraging traffic until the problem is fixed. We'll probably never fully get rid of malware, considering that approximately 100 million browsers see warnings each week. Still, while the number seems daunting, the fact that we know about it at all is a step in the right direction.

Source: Google Transparency Report, via Ars Technica

And I still know idiots who claim that they don't need antivirus and security programs, because they 'know what they're doing.' I should show them this article, not that it'll be likely to change their minds.

Oh wow, so my constant malware infections aren't because of that dwarf midget porn site?

Fanghawk:
It is still a horrible idea to just visit some illicit porn site and start downloading everything you see. That will turn out badly.

Fuck.

Given the Escapist's stance on ad blocking software (which is totally just, ads provide the hard working people of the internet with the money they need to live, so don't use them, they're evil, please (don't ban me bro)), seeing this kind of article here is somewhat odd given that ads on legitimate sites are known to occasionally contain malware too.

And that's why I run script/banner ad blocking software; every nasty virus I've ever gotten came from a compromised ad on a legitimate site. It's not hard to suss that out when your computer loses its shit after loading up a particular page, and lo and behold I haven't had one since I started running that much maligned blocking software years ago.

Mind you, I'm not advocating its blanket use (your favorite websites still need their ad money), but if you find yourself contracting an inordinate amount of malware that your anti-virus can't seem to stop, then it's probably a good idea to install one for a while to narrow down your potential suspects.

noscript plz

doesn't eliminate the chance but increases your ability to block it significantly, even if you have security software (especially if you have security software)

don't tell me you can't figure out how to work the permissions because it's still not worth wiping your hard drive

... In other news, I called it a long time ago. I'm one of those paranoid nutters who run an ad blocker and Collusion on every site, minus the Escapist and some other site as they deserve the ad money.

Also, isn't there something called common sense that helps with this? But at this point, some people can really make me an unhappy man.

Tahaneira:
And I still know idiots who claim that they don't need antivirus and security programs, because they 'know what they're doing.' I should show them this article, not that it'll be likely to change their minds.

Ehhhhhh, they'll still be on your case for overall common sense. I'm seriously flummoxed with the people who come to me for computer fixing. It's as if their overall common sense disappeared.

I should be covered considering I use 2 different free spyware programs and HostXpert to block nasty sites from connecting to my computer in the first place (I mostly browse this site on my phone anyway so they get ad revenue from me)

thesilentman:

Tahaneira:
And I still know idiots who claim that they don't need antivirus and security programs, because they 'know what they're doing.' I should show them this article, not that it'll be likely to change their minds.

Ehhhhhh, they'll still be on your case for overall common sense. I'm seriously flummoxed with the people who come to me for computer fixing. It's as if their overall common sense disappeared.

No kidding. I got a ticket at work because someone's monitor stopped working. It wasn't working because she kicked the power cord out

PoolCleaningRobot:
I should be covered considering I use 2 different free spyware programs and HostXpert to block nasty sites from connecting to my computer in the first place (I mostly browse this site on my phone anyway so they get ad revenue from me)

thesilentman:

Tahaneira:
And I still know idiots who claim that they don't need antivirus and security programs, because they 'know what they're doing.' I should show them this article, not that it'll be likely to change their minds.

Ehhhhhh, they'll still be on your case for overall common sense. I'm seriously flummoxed with the people who come to me for computer fixing. It's as if their overall common sense disappeared.

No kidding. I got a ticket at work because someone's monitor stopped working. It wasn't working because she kicked the power cord out

My side job is a tech for an ISP, about 25% of the calls I get are because people unplugged their modems, and wonder why their internet is not working.

I kind of already knew that there were far more viruses on "legitimate" websites simply because of that reason. If it looks legit, it's more likely to not raise suspicion.

Tahaneira:
And I still know idiots who claim that they don't need antivirus and security programs, because they 'know what they're doing.' I should show them this article, not that it'll be likely to change their minds.

The accurate version of that is that you don't need to pay for antivirus and security programs.

-Common sense (Surprisingly uncommon)
-Stop automatically loading plugins in your browser (Chrome with AdBlock and appropriate settings or Firefox with NoScript)
-A good free antivirus (Microsoft Security Essentials is my choice; Some prefer others)

is all a good user should ever need to keep their PC clean.

Mr.Tea:

Tahaneira:
And I still know idiots who claim that they don't need antivirus and security programs, because they 'know what they're doing.' I should show them this article, not that it'll be likely to change their minds.

The accurate version of that is that you don't need to pay for antivirus and security programs.

-Common sense (Surprisingly uncommon)
-Stop automatically loading plugins in your browser (Chrome with AdBlock and appropriate settings or Firefox with NoScript)
-A good free antivirus (Microsoft Security Essentials is my choice; Some prefer others)

is all a good user should ever need to keep their PC clean.

I agree wholeheartedly, I use free programs myself. But most of the aforementioned idiots refuse the concept full stop. I know one who uninstalled his programs because they were 'taking up unnecessary space.'

This is why I use AdBlock and NoScript. The last infections I got were from ads on sites I trusted. It's hard to convince others to do the same though, even when they just got done getting infected and you're trying to explain to them why Firefox with those add-ons is a better idea than Explorer.

People seem to have trouble realizing that learning to use a nearly identical browser and two-click whitelisting websites when you visit them for the first time is a bit less of a pain than not being able to trust their hard drive ever again.

Everyone has malware/spyware, and other various "infections".

They almost *always* come from "legitimate" sources. Especially large corporate entities, which are the biggest suspects of prying into your daily life, and spying on you. They also need to know what your life is like, what you buy, what you do all day. So they can make more money they don't even need.

There is really nothing you can do about it, unless you plan on not using popular software, or not visiting thoroughfare sites.

I thought Google ads getting hacked and having malware injected into its ads was a daily occurrence. Wiki ads are notorious for infecting people and they are run by, yes, you guessed it, Google ads.....

Mr.Tea:

Tahaneira:
And I still know idiots who claim that they don't need antivirus and security programs, because they 'know what they're doing.' I should show them this article, not that it'll be likely to change their minds.

The accurate version of that is that you don't need to pay for antivirus and security programs.

-Common sense (Surprisingly uncommon)
-Stop automatically loading plugins in your browser (Chrome with AdBlock and appropriate settings or Firefox with NoScript)
-A good free antivirus (Microsoft Security Essentials is my choice; Some prefer others)

is all a good user should ever need to keep their PC clean.

I'd add these as well:
- Get rid of Internet Explorer and get something else (any other browser. Seriously)
- Use a registry cleaner every now and again (like Piriform's CCleaner. It's completely free, and very effective)

Eh, I can confirm this is so. I've gotten a few from browsing such sites as Cheezburger.com (though, there are some that claim I deserved it).

Still, it's made me pretty good at manually ripping malware out of my registries and hard drive by its rootkits.

thesilentman:
Also, isn't there something called common sense that helps with this?

I've heard of this common sense, I have yet to see it in action. In the meantime, there's Linux.

Waaghpowa:

thesilentman:
Also, isn't there something called common sense that helps with this?

I've heard of this common sense, I have yet to see it in action. In the meantime, there's Linux.

So... we're going to exchange the hammer that is a Windows computer with a chainsaw that is Linux.

Suddenly, I hear all of my potential customers suffering heart attacks. :-(

Really? You don't say. Why, I would have never had any idea. /eyeroll

______________________________

Tahaneira:
And I still know idiots who claim that they don't need antivirus and security programs, because they 'know what they're doing.'

I personally refuse to because when I use "protection" I can't "feel" the internet.

Reminds me of the time when DeviantART had advertisers that put malware onto people's computers.
Instead of taking the blame and not acknowledging their negligence on who is or isn't an advertiser on their site, they blamed it on the users for not having virus protection.

Beforehand they completely denied that there was even a virus program for a full year.

Well this is another of these 'noshit' moments isn't it... Good thing I'm paranoid about all my online activity. Never been hacked or anything. Any attempts have been thwarted at my hands *evil laugh*.

Front-loading malware is a problem as old as jscript.

Let's make one thing clear: It is still a horrible idea to just visit some illicit porn site and start downloading everything you see. That will turn out badly.

So really, there is still a higher chance of picking up malware from illicit sites?

WeepingAngels:

Let's make one thing clear: It is still a horrible idea to just visit some illicit porn site and start downloading everything you see. That will turn out badly.

So really, there is still a higher chance of picking up malware from illicit sites?

But of course. What we have here is another skewed study based upon finding facts to fit the belief instead of seeing where the facts actually lead...like to the truth. No, there are literal metric tons of shit on the internet and the dirtier it is, the worse it will be. Legit sites are like Wall Street. Just because people put up gang signs doesn't mean it's more likely. It means that people will put their shit anywhere, so keep an open eye.

 
