Web Browsing, Search, And Online Ads Grow More Risky, Google Says from InformationWeek reports on a recent Google Study named All Your iFRAMEs Point to Us that shows 1.3% of Google searches returned at least one malicious result.
Niels Provos, a security engineer at Google, lead the study that took 10 months of data containing billions of URLs. The data collection period was between January 2007 and October 2007. They checked 66,534,330 URLs and found that 3,385,889 URLs were “suspicious” and 3,417,590 URLs were malicious, pointing to 181,699 landing sites.
But the real impact to the end user, as described by the study, showed that a search query at Google returned “at least one malicious result, with an average approaching 1.3% of the overall incoming search queries.” Furthermore, of the top one-million URLs appearing in the search engine results, “about 6,000 belong to sites that have been verified as malicious at some point during our data collection.” Here is the kicker: “about 0.6% of the top million URLs that appeared most frequently in Google’s search results led to exposure to malicious activity at some point.”
Where does the malware originate from? Here is a chart from the study on that question:
Many of the malware stems from ads. The study showed that “on average, 2% of the landing sites were delivering malware via advertisements.” But when you look at the searchers perspective, “12% of the overall search results that returned landing pages were associated with malicious content due to unsafe Ads.”
There is some excellent data on search and malware in this Google report (PDF file).