By Tim Ferguson
Tuesday, May 15 2007 07:10 AM
URL: http://www.zdnetasia.com/news/security/0,39044215,62012997,00.htm

Google has warned Web users of the increasing threat posed by malware that can be dropped onto a computer as a Web surfer visits a particular site.

The search giant carried out in-depth research on 4.5 million Web sites and found one in 10 Web pages could successfully launch a 'drive-by-download'--such as a Trojan horse--onto a user's computer.

The software potentially allows hackers to access sensitive corporate information or install rogue applications.

Graham Cluley, senior technology consultant at Sophos, told ZDNet Asia's sister site Silicon.com Google is right to highlight what he said is a worsening trend and "a considerable problem" for businesses and end users.

Cluley said an average of around 8,000 new URLs containing malware emerged each week during April.

Most worrying, 70 percent of URLs hosting such malware are found on legitimate Web sites that have been targeted by hackers. The outdated notion that malware only resides in the darker corners of the Internet is far from the case now.

The means used to place malware on Web sites includes breaches of Web server security, user-posted content, rogue advertising and third-party widgets.

Cluley said: "They (hackers) used to spread malware by e-mail attachment. What they do now is spam out URLs."

He warned businesses: "You cannot protect users by restricting what sites they go to. You need to start protecting your Web access as well as your e-mail gateway."

Google's The Ghost in the Browser report said the rise in Web-based malware has been aided by the increasing role the Internet plays in everyday life, along with the ease in setting up Web sites.

Tim Ferguson of Silicon.com reported from London.