News

Sophos: Google's Blogger hosts 2% of world's malware

By Tim Conneally | Published July 24, 2008, 1:45 PM

Security research and analysis firm Sophos has released its cybercrime report for the first half of 2008 and found Blogger, a property of Google, to be the prime distributer of malware today.

Where infected e-mail attachments used to be the vehicle of choice for delivering malware, Sophos notes that most attacks today come from infected Web sites. Last year, one in 332 e-mails contained a malicious attachment. Today, that number has dropped to one in every 2,500.

However, malicious e-mail is still a germane concern, as spam frequently contains links to compromised sites. Many of these sites are completely legitimate, as well.

In fact, Sophos notes that 90 percent of the sites that spread trojans and spyware are otherwise reputable and trustworthy. They are turned into malware delivery platforms through scripting and SQL database attacks. But far the easiest for attackers to use as a platform, Sophos says, is Blogger.

Google's self-publishing tool dates back to the late 90's, and allows free and anonymous creation of a site hosting malicious code. What's more, the commenting system can also be spammed with links to infected sites.

Because of its relative ease of "infection", Sophos says that nearly 2 percent of all malware is hosted by Google, amounting to roughly 400 new instances a day.

Comments

View comments by with a score of at least

AnthonyB
Jul 25, 2008 - 12:38 AM

LOL! Google hosting the most malware sites. You can add that to the other verified fact which is that Google also host the most ad-sites that prey on people mistyping URLs.

One day soon hopefully people will realise that Google are one of the biggest polluters of the internet based on the internet properties that they own and what is hosted on those properties.

Score: 0

|
Post Reply
dvferret
Jul 24, 2008 - 4:21 PM

They should have said spam email however has increased from 1 per 6 emails to 10 per 1 email.

Score: 0

|
Post Reply
WeezulDK
Jul 24, 2008 - 2:48 PM

That isn't so bad, and could be considered a positive spin: "Blogger: 98% Safe!"

Score: 0

|
Post Reply
Paul Skinner
Jul 24, 2008 - 3:09 PM

Haha. That's what I though.

Bloody marketing brain.

Score: 0

|
Post Reply
dkratter
Jul 24, 2008 - 2:26 PM

Do 2% Of Evil?

Score: 0

|
Post Reply
el.guapo
Jul 24, 2008 - 2:19 PM edited

For i am... el guapo

Score: -1

|
Post Reply

Google Chrome 4: Yes, it's fast, but is it usable?

As Betanews readers have responded to our stories about Chrome's JavaScript superiority...Does that mean we'd actually use this browser? Well...

Video: Netflix on PlayStation 3

Netflix has come to the PlayStation 3 via Blu-ray and BD-Live.

Verizon Wireless launches new Android, Chocolate, and ruggedized phones

The lower-priced Eris joins the Droid, while the Chocolate gets a touchscreen and more music playback.

Early sales figures for Windows 7 nicely high, but do we know why?

Fans of triple-digit surges in figures quoted by Betanews will love this one, as it appears Microsoft rediscovered how to pull off a software launch.

Myka announces its latest Linux-based 'net top box'

Myka's ION brings Boxee, XMBC, and much more to HDTVs.

What hath Mac wrought? A remembrance after a quarter-century

The reason there's a Macintosh today is not because of some brilliant flash of engineering genius, but because Apple had the audacity to learn from its mistakes.

Early build of Moblin 2.1 improves connectivity, but not device support

The Linux Foundation's Atom-centric OS yesterday received a major overhaul with the project release of Moblin 2.1 for netbooks and nettops.

The iPhone's China syndrome: Sales of 5,000 and climbing

There's actually a country where Apple's device is not a godsend, where sales can be measured in the dozens.

New European counterpart to FCC will ensure 'a more neutral net'

Late Thursday night, the ruling telecom administrators of the EU's member nations signed away their final authority to a new entity overseen by the EC.

Sophos study suggests Windows 7 UAC's default setting is self-defeating

Without any anti-virus installed, a Sophos test showed, User Account Control was only capable of thwarting just one malware package out of ten samples chosen.

Indiscreet tweet trips awareness of Web SSL vulnerability

A group of high-level security engineers had been making progress on thwarting a low-level threat to the Web, until somebody blurted it all out on Twitter.