WEB BADNESS REMAINz BAD


humble3d

Web Badness Knows No Bounds

If your strategy for remaining safe and secure online is mainly to avoid visiting dodgy Web sites, it’s time to consider a new approach. Data released today by Google serves as a welcome reminder that drive-by malware attacks are far more likely to come from hacked, legitimate Web sites than from sites set up by attackers to intentionally host and distribute malicious software.

Today, Google released a truckload of data from its Safe Browsing program, which flags and warns users about more than 10,000 suspicious and malicious Web sites each day. The information clearly shows that gone are the days when folks could avoid giving their computers a nasty little rash simply by staying out of the Internet’s red-light districts (networks with large aggregations of porn and piracy sites, for example).

At the same time, some places on the Internet clearly are far more dangerous than others, Google’s data sets show. Have a look at the following graphic, which lists the most hostile Internet providers in the United States (the U.S. is currently responsible for just 2 percent of the world’s malicious sites, Google says):

Concentrations of hacked and malicious sites at U.S. Internet providers. Source: Google

The most malicious U.S. network listed by Google — a data center run by a company in New York called Pilosoft — is no stranger to lists charting the top sources of badness online. Pilosoft figured prominently in Operation Ghost Click, a U.S. Justice Department takedown targeting the DNS Changer botnet, which had a significant portion of its operations based at Pilosoft. Google says it has scanned 13 percent of Pilosoft’s network, and found that more than half of the sites it scanned were malicious.

Other top badness concentrations have a history of courting malware purveyors. Ask Google’s report to display the most densely malicious ISPs regardless of country and you’ll notice some interesting names float to the top of the list. Among them is Santrex Internet Services, a well-known offshore bulletproof hosting provider based in the Seychelles.

Some networks are completely overrun with malicious sites, and some actively seek out this condition.

Of course, more mainstream networks and ISPs also are constantly battling malicious sites within their borders. It’s worth noting that 22 percent of the sites hosted at one section of the network run by major ISP Comcast (AS20214) are malicious, according to Google, although the company says it has scanned only 4 percent of this portion of Comcast’s network so far. Google’s data is broken down by “autonomous system” (AS) numbers — which are basically a numerical way of keeping track of networks — and a large ISP may control numerous ASes. Several other Comcast ASes are listed in the first few pages of Google’s index of U.S.-based badness. To be fair, Comcast is the nation’s largest cable Internet provider, so it’s perhaps unsurprising that it hosts so many compromised sites. However, Comcast’s largest competitor in the United States — Verizon — doesn’t appear until page 19 of Google’s results (with 5 percent of scanned sites malicious and 5 percent of the network scanned).


More than ever, avoiding drive-by malware downloads means keeping your computer, browser and browser plugins up to date with the latest security patches. For tips on how to manage that and other ideas for safe browsing, check out my tutorial Tools for a Safer PC.

One final note: The malware data is only a subsection of a larger Transparency Report that Google has published. One very interesting section of the report (not malware-related) shows all of the places in the world where Google’s various services are currently being disrupted or censored in more than 30 different countries worldwide.

Reader comment:

1. Use the latest version of Firefox (22.0) with two add-ons, AdBlock Plus and NoScript. The latter takes a few hours to get used to, but it’s well worth it in the long run.

2. Disable Java from running in the browser.

3. Keep Adobe Flash current, and remove any Adobe PDF software. Either use Firefox’s inline reader to view PDFs, or use a lesser-known viewer (Sumatra etc.)

Since doing these easy steps around 2 years ago, I haven’t been hit with a single confirmed malware instance… even when visiting notable porn sites.

Source

http://krebsonsecurity.com/2013/06/web-badness-knows-no-bounds/

More comments from above

What is the effect of using noscript? What about disabling java? Novice here. Does your advice only hold true for the Firefox user?
Reply
BrianKrebs
June 25, 2013 at 3:06 pm

Hi Gregry, I discuss some of the impacts of using Noscript here

http://krebsonsecurity.com/tools-for-a-safer-pc/


Also, you may consider as a more noob-friendly alternative using Click-to-Play

http://krebsonsecurity.com/2013/03/help-keep-threats-at-bay-with-click-to-play/

Reply
? + ? = ½
June 25, 2013 at 3:28 pm

Gregory — the part about disabling Java holds for everyone, but AdBlock Plus/NoScript are add-ons exclusively for Firefox. NoScript prevents sites from using JavaScript without the user’s approval. As you visit frequently-used sites (Gmail, KrebsOnSec, whatever) you can whitelist these sites. After a few hours/days, you’ll have whitelisted everything you use regularly while keeping dubious domains (doubleclick.net, iesnare, google-analytics, etc) from serving their trackers/ads/malware/etc.

I tell everyone to use Firefox… IE, although it may have gotten “hardened” since version 8, seems to be a favored target of malware writers. I still keep IE around if some specific webpage has trouble loading on Firefox.
Reply
Neej
June 25, 2013 at 8:29 pm

You can also get equivalent (and similarly named) addons for Google Chrome.

While of course it’s a good idea for everyone to use NoScript I still fear even this is too hard to use for some people. Often sites serve up content from many URLs so whitelisting just the URL you use to get to the site isn’t enough, people get frustrated leading to turning it off making it pointless etc. Also the notification that it uses is annoying (at least for me). It can be turned off but then some people are going to forget they’re using it and be mystified by sites not working.

Not sure how one could make it easier to use but if users can use it it’s well worth it.
Reply
kurt wismer
June 26, 2013 at 10:34 am

unfortunately, although there are chrome extensions with similar names to noscript, they do not provide similar levels of security.

check this post by the creator of noscript (and pay attention to the post updates)

http://hackademix.net/2009/12/10/why-chrome-has-no-noscript/

:lol:
