Online Security: Google Top 10 Malware Sites, McAfee Spam and Browser Attacks Report
From the “online security” section of our filling cabinet we have three pieces of news that go so well together that we couldn’t bear to split them up. The first piece of news comes from the search engine giant itself: the Google Online Security Team has composed a top 10 malware spreading sites on the internet. The second and third pieces of news come from security software developer and vendor MacAfee: the company has published its June 2009 spam report and has also published a new whitepaper on web browser attacks.
Before we present the news from Google and McAfee, here are some quick tips on how to stay safe online. The web can prove to be a dangerous place, but as long as you keep a few simple (very simple) guidelines in mind, you should be ok:
- Keep your operating system and software up-to-date.
- Use a security solution and keep it updated also.
- Choose a properly strong password.
- Do not use the same login info (username and password) over and over again – like for example the same username and password for your email account, Facebook account, Windows login, online banking account, etc.
- Do not click the links provided in spam messages. Do not fall for phishing and social networking scams.
Google’s Top 10 Malware Sites
The Google Online Security Team has identified the most popular malware spreading sites for the past two months and has even set up a graph showing you their names and when they were added to the malware list (image below).
Niels Provos, member of the Google Security Team explains: “We constantly scan our index for potentially dangerous sites. Our automated systems found more than 4,000 different sites that appeared to be set up for distributing malware by massively compromising popular web sites. The graph shows the top-10 malware sites as counted by the number of compromised web sites that referenced it. All domains on the top-10 list are suspected to have compromised more than 10,000 web sites on the Internet. The graph also contains arrows indicating when these domains where first listed via the Safe Browsing API and flagged in our search results as potentially dangerous.”
McAfee June 2009 Spam Report
At the start of the week, which coincided with the start of the Month (Monday was the 1st of June), security software developer McAfee released its June 2009 Spam Report which analyzes the spam trends for the past month and at the same time brings forth details about the anatomy of a spam attack. The report focuses on two key findings:
President Obama’s first 100 days of spam: even though you might have expected something major to happen, nothing too spectacular happened in the spam world.
Identifying spam trends of the future: spam is all about making money and spammers are making good use of sophisticated tactics to separate you from your hard earned cash.
If you want to see the full report, you can download it here.
McAfee Web Browsers Attacks Whitepaper
The whitepaper is entitled “Web Browsers: An Emerging Platform Under Attack” and has been put together by McAfee Avert Labs’ Christoph Alme. Here are some highlights from the whitepaper:
- Spam messages with no actual message, just a link to malicious web page.
- Web 2.0 sites are increasingly spammed with malicious sites links.
- Legitimate web pages fall victim to people with malicious intent which use these sites to how malware or link to malware spreading sites.
- Users are referred to malicious sites because they click a video banner on a legitimate web page. This happens because malicious video banners, upon being placed in ad networks, find their way to legitimate sites.
- Popular search terms are used to drive traffic to malicious web pages.
“The widespread use of highly interactive “rich client” web applications for e-commerce, business networking, and online collaboration has finally catapulted web browsers from straightforward HTML viewers to a full-blown software platform. And as corporate users are performing a significant portion of their work on the web, whether it’s researching or collaborating, the safety of the underlying platform is critical to the company’s success. As use of the web and browser capabilities grows, so does the prevalence of web-borne malware and compromised websites,” says Christoph Alme in the whitepaper.
If you want to see the whitepaper in full, you can download it here.
Before we present the news from Google and McAfee, here are some quick tips on how to stay safe online. The web can prove to be a dangerous place, but as long as you keep a few simple (very simple) guidelines in mind, you should be ok:
- Keep your operating system and software up-to-date.
- Use a security solution and keep it updated also.
- Choose a properly strong password.
- Do not use the same login info (username and password) over and over again – like for example the same username and password for your email account, Facebook account, Windows login, online banking account, etc.
- Do not click the links provided in spam messages. Do not fall for phishing and social networking scams.
Google’s Top 10 Malware Sites
The Google Online Security Team has identified the most popular malware spreading sites for the past two months and has even set up a graph showing you their names and when they were added to the malware list (image below).
Niels Provos, member of the Google Security Team explains: “We constantly scan our index for potentially dangerous sites. Our automated systems found more than 4,000 different sites that appeared to be set up for distributing malware by massively compromising popular web sites. The graph shows the top-10 malware sites as counted by the number of compromised web sites that referenced it. All domains on the top-10 list are suspected to have compromised more than 10,000 web sites on the Internet. The graph also contains arrows indicating when these domains where first listed via the Safe Browsing API and flagged in our search results as potentially dangerous.”
McAfee June 2009 Spam Report
At the start of the week, which coincided with the start of the Month (Monday was the 1st of June), security software developer McAfee released its June 2009 Spam Report which analyzes the spam trends for the past month and at the same time brings forth details about the anatomy of a spam attack. The report focuses on two key findings:
President Obama’s first 100 days of spam: even though you might have expected something major to happen, nothing too spectacular happened in the spam world.
Identifying spam trends of the future: spam is all about making money and spammers are making good use of sophisticated tactics to separate you from your hard earned cash.
If you want to see the full report, you can download it here.
McAfee Web Browsers Attacks Whitepaper
The whitepaper is entitled “Web Browsers: An Emerging Platform Under Attack” and has been put together by McAfee Avert Labs’ Christoph Alme. Here are some highlights from the whitepaper:
- Spam messages with no actual message, just a link to malicious web page.
- Web 2.0 sites are increasingly spammed with malicious sites links.
- Legitimate web pages fall victim to people with malicious intent which use these sites to how malware or link to malware spreading sites.
- Users are referred to malicious sites because they click a video banner on a legitimate web page. This happens because malicious video banners, upon being placed in ad networks, find their way to legitimate sites.
- Popular search terms are used to drive traffic to malicious web pages.
“The widespread use of highly interactive “rich client” web applications for e-commerce, business networking, and online collaboration has finally catapulted web browsers from straightforward HTML viewers to a full-blown software platform. And as corporate users are performing a significant portion of their work on the web, whether it’s researching or collaborating, the safety of the underlying platform is critical to the company’s success. As use of the web and browser capabilities grows, so does the prevalence of web-borne malware and compromised websites,” says Christoph Alme in the whitepaper.
If you want to see the whitepaper in full, you can download it here.
