News

Group Says Google a Top Source of Badware

Google is now one of the top hosts of badware websites, according to new data from Stopbadware.org.

By Robert McMillan, IDG News Service (San Francisco Bureau)

June 25, 2008

Internet consumer advocacy group Stopbadware.org released data on "badware" websites on Tuesday, saying that Google was one of the top five networks responsible for hosting these dangerous websites.

The numbers show that China is now a top source of malicious websites -- China-based networks hosted more than half of the malicious websites tracked by the group -- but Google's appearance on the list is perhaps more remarkable. Google is a sponsor of Stopbadware.org, and it is the company that provides the raw data that is analyzed by the group.

A year ago, Google did not appear on Stopbadware.org's list of the top 10 sources of badware, but recently scammers and online criminals have turned to Google's Blogger service to host malicious or spyware-related pages, security experts say.

"Because it's free and because it's on a blog and you can post links to whatever you like, people have found ways to take advantage of this and create large numbers of free blogs that have bad links on them and in some cases even bad code," said Maxim Weinstein, manager of Stopbadware.org.

In March, Google was the top badware network tracked by Stopbadware. These latest numbers were compiled at the end of May.

The other four top networks for badware were based in China, led by a China Telecom network with 48,834 infected sites. Google was hosting 4,261 infected sites in May, Stopbadware.org said.

Last year most of the top networks were based in the U.S., but now Stopbadware.org says that U.S. networks account for just 21 percent of infected sites. "The U.S. ... was right on the world average" when one factors in the number of Internet users, Weinstein said.

Networks based in western Europe, in contrast, had far fewer badware sites. ""European hosts are either being targeted less or are doing a better job of security," he said.

Google did not respond to requests for comment on these numbers, but Weinstein said that the company has become very aggressive in cracking down on badware, which Stopbadware defines as spyware, malware or deceptive adware.

Most malicious Blogspot sites are taken down within the day, he said.

Still, Google has its critics.

"The security community has known about Google's problems for at least a year or two now, and unfortunately Google has not responded with anything other than hand waving," said Robert Hansen, CEO of SecTheory.org, a Web security consultancy.

Google could make it harder to host malicious code on Blogspot, but that would cut down on the number of things that its users could do with the site, Hansen explained. "Google allows full unrestricted JavaScript. MySpace.com takes a lot of precautions to not allow that by contrast ... it's much harder to put malicious JavaScript on MySpace than it is Blogspot."

Other stories by Robert McMillan

RESOURCE CENTER
Loading...
VIRTUAL CONFERENCE
Data Center Directions Virtual Conference

Data Center VCAttend this free, 100% online event exploring tools and techniques for making your data center deliver for today and tomorrow.

» Learn more and register here

WHITE PAPER
Maximizing Site Visitor Trust Using Extended Validation SSL

VeriSignNow with Extended Validation (EV) SSL available from VeriSign, you can show your customers that they can trust your site. Learn about EV SSL benefits in the free VeriSign white paper.

» Read the Paper

Featured Sponsors
Sponsored Links

Taking the Botnet Threat Seriously

7 Requirements of Data Loss Prevention

Information Security: Data Drains and How to Prevent Loss

CA's IT Security centralizes your identity management to turn security into a proactive, business-building tool

How Are Open Source Development Communities Embracing Security Best Practices?

Digital Identity Protection and Data Security Get Personal

Simplify your data center with Juniper Networks. View the webcast

Managing SSL Security in Multi-Server Environments

The Latest Advancements in SSL Technology

How to Offer the Strongest SSL Encryption

Forrester Total Economic Impact (TEI) report: Save Millions in Fraud Losses.

Get in Compliance With Government Data Regulations

Manage your IT more effectively

IDC Defines an Identity and Access Management Submarket

IDC Defines an Identity and Access Management Submarket for Managing Privileged User Accounts and Meeting GRC Requirements

Everything Today's CISO Needs to Know About Using SSO to Succeed in the Web 2.0 Era

E-LOAN Maintains Reputation as a Privacy Leader with Symantec

Data Loss Prevention: Keeping Sensitive Data Out of the Wrong Hands

Prudential Financial Protects its Brand with Symantec

Efficient - Flexible - Compliant

Envision Identity-Based Access Control for the Datacenter

Using Likewise to Comply with PCI Data Security Standard

When Customer Relationship is Everything, Businesses Bank on SSL Solutions

The Case for Business Software Assurance ~ Securing Your Applications

Maximizing Site Visitor Trust Using Extended Validation SSL

Solving Online Credit Fraud Using Device Reputation

Understanding Data Location is Imperative for Data Loss Prevention

Secure your virtual and physical environments with the same software

Any company can promise identity protection. Only Debix can prove it

Welcome to the age of Service-Oriented Security (SOS)

Enabling Compliance with Converged Mainframe Security and Storage

5 Steps to Secure Outsourced Application Development