(The original BBC English news story, with broadly the same content, appears at the end of this post.)
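One in ten web pages contains malicious code; spyware installed automatically to steal data
(Ming Pao) Sunday, 13 May, 05:10 AM
[Ming Pao] Researchers at search engine giant Google have found that one in ten web pages worldwide contains malicious code that can harm computers, allowing criminals to steal users' data. Google hopes to flag these harmful sites in its search results as a warning, aiming to become the first line of defence against malware online.
Google researchers sampled 4.5 million web pages and found that 450,000 of them contained malicious code that performs so-called "drive-by downloads", meaning that malicious programs such as spyware are installed automatically without the user's knowledge. A further 700,000 pages contained code that could endanger a computer.
Programs installed via adverts and linked pages
"Drive-by downloads" have gradually become a common way for computers to be infected with viruses or to have sensitive data stolen; they reside in adverts or linked web pages. Once a user visits a booby-trapped website, the malicious programs are installed automatically on the personal computer. The Google researchers state in their report that criminals usually lure users with sites that claim to offer "interesting links", such as pornographic videos, and take the opportunity to install malicious programs.
"Hijacking" computers for remote control
Most of the malicious programs install themselves automatically through Microsoft's IE browser, including ones that add entries to Favorites, install toolbars or change the home page. However, more and more criminals are using drive-by downloads to install keylogging spyware and so steal users' login names and passwords, while other malicious programs "hijack" the computer and control it remotely. The emergence of drive-by downloads means that the traditional way of spreading computer viruses through spam has changed.
Google plans to flag sites as a warning
At present, Google is trying to take measures to find malware sites. Google hopes that when a user is about to visit a potentially dangerous site, a notice reading "this site may harm your computer" will be shown next to the search result as a warning. The researchers said: "Once a site is confirmed to contain malware, we will attach a label to it in the search results. This lets users avoid these sites, reducing the number of users harmed by malicious programs."
However, finding out which sites contain malware is not as easy as one might imagine. The report states: "Finding all dangerous web programs is a major challenge; it almost amounts to needing to master all knowledge of the web." In addition, although in theory adverts would not contain malicious programs, since that would greatly damage a company's reputation, some advertisers lend part of their ad space to other organisations, which indirectly allows malware to breed in adverts and makes the search harder.
- BBC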
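Spread of Web 2.0 worsens the distribution of malware
(Ming Pao) Sunday, 13 May, 05:10 AM
[Ming Pao] Google analysed the main methods cyber criminals use to compromise web pages and found that malware is usually hidden in banner adverts and widgets that are not designed or controlled by the site owner.
In fact, the growing popularity of Web 2.0 has given criminals new attack channels; for example, links to images and other content posted on blogs and forum sites can infect users at any time.
50 pieces of malware from visiting one site
The study also found that criminals can "hijack" web servers, effectively taking over the web pages and spreading viruses onto them. In one test, the researchers merely visited a web page on a server "hijacked" by criminals, and the computer was infected with 50 different pieces of malware.
To plant malware on a personal computer, the first step is to take control of that computer system. In the past this was done by using computer viruses and the like to scan remotely for network vulnerabilities, but once that approach became less effective, some criminals began trying to trick users into contacting servers or web pages that harbour malware.
Claims of pornographic content lure clicks
To induce users to download malware, attackers use "social engineering" (an attack method that exploits the interactive nature of human relationships). For example, they use pages that claim to be "interesting", such as ones with pornographic content, pirated software or media, to lure people into clicking, and then ask the user to download and run a "special code", which is in fact the malware.
Last month Google pulled sponsored advertising links associated with more than 20 commonly used search terms, precisely to prevent web users from clicking on them inadvertently while searching and having private data such as bank account numbers and passwords stolen by hackers, resulting in financial loss.
- BBC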
Google searches web’s dark side
(Last Updated: Friday, 11 May 2007, 11:37 GMT 12:37 UK):
One in 10 web pages scrutinised by search giant Google contained malicious code that could infect a user’s PC.
Researchers from the firm surveyed billions of sites, subjecting 4.5 million pages to “in-depth analysis”.
About 450,000 were capable of launching so-called “drive-by downloads”, sites that install malicious code, such as spyware, without a user’s knowledge.
A further 700,000 pages were thought to contain code that could compromise a user’s computer, the team report.
To address the problem, the researchers say the company has “started an effort to identify all web pages on the internet that could be malicious”.
Phantom sites
Drive-by downloads are an increasingly common way to infect a computer or steal sensitive information.
They usually consist of malicious programs that automatically install when a potential victim visits a booby-trapped website.
“To entice users to install malware, adversaries employ social engineering,” wrote Google researcher Niels Provos and his colleagues in a paper titled The Ghost In The Browser.
“The user is presented with links that promise access to ‘interesting’ pages with explicit pornographic content, copyrighted software or media. A common example are sites that display thumbnails to adult videos.”
The vast majority exploit vulnerabilities in Microsoft’s Internet Explorer browser to install themselves.
Some downloads, such as those that alter bookmarks, install unwanted toolbars or change the start page of a browser, are an annoyance. But increasingly, criminals are using drive-bys to install keyloggers that steal login and password information.
Other pieces of malicious code hijack a computer turning it into a “bot”, a remotely controlled PC.
Drive-by downloads represent a shift away from traditional methods of infecting a computer, such as spam and email attachments.
Attack plan
As well as characterising the scale of the problem on the net, the Google study analysed the main methods by which criminals inject malicious code on to innocent web pages.
It found that the code was often contained in those parts of the website not designed or controlled by the website owner, such as banner adverts and widgets.
Widgets are small programs that may, for example, display a calendar on a webpage or a web traffic counter. These are often downloaded from third-party sites.
The rise of web 2.0 and user-generated content gave criminals other channels, or vectors, of attack, it found.
For example, postings in blogs and forums that contain links to images or other content could unwittingly infect a user.
The study also found that gangs were able to hijack web servers, effectively taking over and infecting all of the web pages hosted on the computer.
In a test, the researchers’ computer was infected with 50 different pieces of malware by visiting a web page hosted on a hijacked server.
The firm is now in the process of mapping the malware threat.
Google, part of the StopBadware coalition, already warns users if they are about to visit a potentially harmful website, displaying a message that reads “this site may harm your computer” next to the search results.
“Marking pages with a label allows users to avoid exposure to such sites and results in fewer users being infected,” the researchers wrote.
However, the task will not be easy, they say.
“Finding all the web-based infection vectors is a significant challenge and requires almost complete knowledge of the web as a whole,” they wrote.