Security Blog

The latest news and insights from Google on security and safety on the Internet

Web Server Software and Malware

5. Juni 2007
Share on Twitter Share on Facebook
Google

36 Kommentare :

Carlos hat gesagt…

The study should include the distribution of the 70000 domains in the total number. This would show if the conclusion is fair enough with the web server investigation.
This only true if it follows a normal distribution and a representative subset.

5. Juni 2007 um 18:15
Unknown hat gesagt…

I think the point of patch is totally wrong.

First, by my knowledge, pirated Windows still can get Automatic Update automatically download patch, they just can't go to Windows Update/Microsoft Update/Microsoft Download Center site for manual update. So almost all Windows can get all the required security patch.

Second, I don't think that all malicious is caused by hacking into an unpatched Windows. Maybe the user accidently open an attachment and install some trojans. So the user's computer become a malicious web server through the control of trojan from hacker, not through break into an unpatched security hole. So I think some IIS rate of China and S. Korea is contributed from the many hackers from those country, sending trojan mails with their familiar language to their people. So the count of China and S. Korea just reflect the fact that the hackers from these country is more then other country.

Third, I think that the count is by IP/domain name. I think hackers also host the malicious web server by themself. They get many IPs and domain names to point to a single web server to avoid detection/blocking. So the count of web server cannot see as so much individual web server. Maybe the hackers from China and S. Korea/Russia is familiar with IIS/Apache, so they contribute many many counts by physically single IIS/Apache.

The last, most people who install Apache because he/she want to populate a web site. He/she should open their site often. If there are any problem they will know at first time and try to clear them. But many people who install IIS just because Windows install and enable it by default. (I have forget which Windows version will do that) They never open the site on localhost, they even don't know they have a web site on their computer. So they don't know their IIS is used for distributing malware. The malicious IISs live for a long time, so the statistics show that the rate of malicious IIS is more then the rate of all IIS.

6. Juni 2007 um 21:56
IRONICLAW hat gesagt…

Ermm I'm kinda new to blog but anyway what the heck.. In my own opinion Apache is much safer compared to IIS, and why am i saying so?? Because it's M$ own fault for causing so. M$ detected in IIS 5.0 there's a loophole that allow hacker to exploited it and it provides the technical details to all to view on where and how to actually exploit the loophole (which in my own term is pretty idiotic). And at the same time no patch or solution was provided (ain't that is similar to blowing off your own whistles).. And the solution provided is nothing much just as usual,: Please upgrade to a updated version of M$ products IIS 5.0 to IIS 6.0 (hey!! IIS 6.0 wasn't optimized for WinXP/2000 initially, only Win2003 Servers), WinXP to Vista blablabla (why can't I remain wih my legacy systems which I pretty comfortable with, and where the heck is my patch?? M$, YOU found it then give me the solutions or workaround to the loophole not just telling me Yeap!! OUR product is faulty so live with it; in which I can't, sorry).. That's why Apache is better position, at least if there a loophole detected, though no patch is provided, some tweakers might have some ideas on setting the pace right unlike M$, huh!! 1 billion dollars on research, what a waste.. I started to doubts the IQs of M$ software engineers.. Sigh, geniuses Yeah MY @SS

7. Juni 2007 um 13:07
Unknown hat gesagt…

I too agree some of these malware spreading IIS servers may have been infected via another means (like a trojan) and the malware turned on the IIS service to infect others/do other evils.

It's a lot like spam botnets.

8. Juni 2007 um 03:55
Unknown hat gesagt…

It is worthy to note that the reason for the disparity of IIS in South Korea is likey due to the tiein that S Korea has into Microsoft OPerating Systems. More details here:

http://www.kanai.net/weblog/archive/2007/01/26/00h53m55s#003095

Makes intresting reading. Tied into the fact that S Korea has a large propensity for Bots which is not just due to their runnig MS products but also due to the large amounts of available bandwidth. It would be intresting to know how many of the compromised servers were home based machines or hosted.

11. Juni 2007 um 22:35
Offshore Software Development hat gesagt…

IP and Data Security - Companies considering outsourcing their software development need to know and protect themselves against the risks related to the Intellectual property violations as well as Data Security. In order to mitigate this risk, clients need to check with the vendors on steps that they will take to protect their IP and the sensitive data such as customer information, employee information, financial data and market research data. This should be done during the Vendor Selection process.Clients should ensure that selected vendor has the well documented Information Security Management (ISM) Policy. Vendors need to provide a dedicated project and data server to their clients with audit control access on all the servers. Client should check that the Vendor’s facility is secured with smart card control access and vendor’s development team members have signed the Confidentiality agreements. In addition, the development contract should include clauses for Non-compete, Non-disclosure and non-solicitation.

Software Development Company

22. September 2007 um 06:26
Offshore Software Development hat gesagt…
Dieser Kommentar wurde vom Autor entfernt.
22. September 2007 um 06:26
Offshore Software Development hat gesagt…
Dieser Kommentar wurde vom Autor entfernt.
22. September 2007 um 06:26
Anonym hat gesagt…
Der Kommentar wurde von einem Blog-Administrator entfernt.
11. Oktober 2007 um 02:00
krish hat gesagt…

Given the stats in this article though not a complete survey, but the figures certainly hints to the growing concern i.e the objective of the world wide web is getting contaminated from every parts of the world.

3. März 2008 um 07:22
root123 hat gesagt…

Software Development Company The study is a remarkable step in highlighting one of the core issues that the web is facing today

13. März 2008 um 07:23
John hat gesagt…

I knew that Apache was leading the way in the web server community but I did not realize the extent to which IIS and other windows web servers were trailing the hosting industry.

24. März 2008 um 13:12
Unknown hat gesagt…

For nice post :)

http://www.bencehersey.net

2. Juni 2008 um 19:42
Unknown hat gesagt…

Yout post thanx dostum

http://bencehersey.net/heh/windows-security-alert-virusu-temizleme-yontemi

2. Juni 2008 um 19:45
Mandar Thosar hat gesagt…

Thanks for the information. How can I protect visitors on my site? I am providing plain text content through html pages. But still are there any ways through which I can curb misuse.

Express your feelings

5. Juni 2008 um 10:41
alastairc hat gesagt…

It would be useful for any followup if you could distinguish between those who are victims of hacked servers compared to those who are intentionally distributing malware.

This could of course be impossible to detect reliably, but I'd still love to know...

16. Juli 2008 um 13:15
Anonym hat gesagt…

• The mushrooming of the software development companies have been instrumental in raising the bar for the quality of the software services. The increase of the concerns providing software services have made it possible for the clients to choose the best software development company from among the lot. In the cut throat competition only the best can survive and hence the companies give their best in order to thrive amidst this competition.

17. Juli 2008 um 06:59
Jane B hat gesagt…

Hi Nagendra,
Your study on web server software & malware is quite impressive. It would be more helpful if you suggest any good solution to this problem..

offshore software development

24. Juli 2008 um 07:33
Business Process Outsourcing hat gesagt…

Hi
Your blog is really contains lots of knowledge . I learn lots of think for this blog . I hope you will continue for such amaging knowledge with us .
Thanks...



Ravi kesarwani

http://www.ekamsoftwares.com

11. August 2008 um 03:18
web development services hat gesagt…

Hi to all i am really impressed by this blog because i got a lot of information about new technologies like web development, web designing ,SEO. i want to introduce you to our company (AMCO IT SYSTEMS)
we are E commerce, E business and B2B and data entry company, we specialized in web developing, web designing,Seo.
if you have any inquiry please contact us.
Thanks

28. August 2008 um 03:00
Azwar hat gesagt…

Once a bank has been alerted to the fact that it is the subject of a phishing attack, the race is on to close the target phishing site as quickly as possible. However, professional fraudsters will take steps to ensure that the process is as difficult and time consuming as possible: your time is their money.

Fraudsters will often host their sites in developing countries with limited law enforcement resources and incentivize the hosting company to keep the site running as long as it possibly can. Indeed, some unscrupulous hosting companies actually promote fraud hosting as a service.

Netcraft’s countermeasures service helps banks and other financial organizations to combat these techniques. Once a phishing site has been detected, Netcraft responds with a set of actions which will significantly limit access to the site immediately, and will ultimately cause the fraudulent content to be eliminated.

Netcraft’s approach is distinguished from other providers of takedown services through its ability to block access to the site for users of a wide range of technology immediately, and to provide information back to the bank that will identify compromised accounts.

11. September 2008 um 04:51
Integrated Business Software hat gesagt…

Very interesting article. Good research, and I like the graphs.

16. September 2008 um 10:47
Anonym hat gesagt…

Yes, it is quite interesting to see the distribution of server software across different countries and the percentage of these servers software hosting malware. It is true that across Asia most people are inclined towards IIS rather than other operation systems. The amount of piracy that goes on here is tremendous and due to this auto update of the server does not happen and they become a target for hosting Malware, especially in a shared hosting environment. Original software can lower the percentage substantially. Web Designer.

7. Januar 2009 um 17:45
Ray Creations hat gesagt…

Thanks for this interesting post.

8. Februar 2009 um 03:43
Ray Creations hat gesagt…

thank you for sharing such an informative post, good research.

8. Februar 2009 um 07:28
Healthcare and IT Professionals hat gesagt…

Hi,

It is very interested topic about to the distribution of the web server software.I think in this way the people can get a a lot of useful information about to the web server,For example,How many domain are attached to th web server,So it approximately 80 million.
Thanks again for this useful information.
Regards,
Shopping Cart.

3. April 2009 um 00:38
Unknown hat gesagt…

Thats a great statistics about different HTTP servers and their comparative performance. Realy uncommon resource. Web Design UK

23. Juli 2009 um 14:21
Unknown hat gesagt…

Nobody mentioned the fact that IIS 6/7 is nested into the Window kernel (to run faster than others).

When a vulnerability is exploited in the kernel, attackers have full access to the highest privileges.

This is not the case with user-mode web servers.

More details on this issue here:

http://trustleap.ch/en_iis.html

By the way, IIS 7.0 is no longer the fastest web server under Windows (despite the kernel), see:

http://gwan.ch/

29. August 2009 um 06:04
travel30 hat gesagt…

I think you have to view numbers in comparison to the total number of web
servers using Apache and IIS. As you can see in the graph which can be
found a bit higher, a lot more web servers are using Apache than IIS. If
actually the absolute number of malware distributing IIS servers is
equals to the number of Apache, the relative numbers are much worse for
IIS.

Thanks
Rohit from Outsourced Software Development company

31. August 2009 um 03:09
Empress Cruises & Events hat gesagt…

Thanks for posting very useful post. Now days there are numbers of Pirated Windows Software available and most of them doesn't have automatic update option to download patch.

Cloud Computing Services

14. Dezember 2009 um 06:10
Chocolate Cake hat gesagt…

I am getting this "Sorry" message more and more often now. I do not believe that there is any "worm" in my system and it is a real nuisance. It is forcing me to switch to Yahoo or Ask. I do all my searche by hand and they are very innocent searches too. The sorry message does not even end with a CAPTCHA thingy to put my verification code to prove I am human. This is seriously getting on my nerves! I never had this problem before. Its only started recently, but I have no idea what triggered it.

21. April 2010 um 20:40
Unknown hat gesagt…

Thanks for the information, we will add this story to our blog, as we have a audience in this sector that loves reading like this” web development

15. Juli 2010 um 13:24
Offshore software development India hat gesagt…

Thanks for this awesome post. Nicely explained the topic and very helpful for beginners.
Please continue writing.

Regards:-Offshore software development company

13. August 2010 um 16:23
Goa Ad hat gesagt…

it seems thats there is a lot to be done for protecting users from various exploits. Many antiviruses do not recognize or provide protection against web malwares.

16. Dezember 2010 um 11:26
Unknown hat gesagt…

It’s so highly informative things are posted here. These things are the fresh and having good information are posted here, and also am seeking for this kind of information thanks for updated..

lms software development services

7. November 2013 um 01:02
Rajinder Singh hat gesagt…

Nice stuff you sharing. But i expect more then this information.....




Best Logo Design Company in India

8. Mai 2014 um 06:55

Kommentar veröffentlichen

  

Labels


  • #sharethemicincyber
  • #supplychain #security #opensource
  • android
  • android security
  • android tr
  • app security
  • big data
  • biometrics
  • blackhat
  • C++
  • chrome
  • chrome security
  • connected devices
  • CTF
  • diversity
  • encryption
  • federated learning
  • fuzzing
  • Gboard
  • google play
  • google play protect
  • hacking
  • interoperability
  • iot security
  • kubernetes
  • linux kernel
  • memory safety
  • Open Source
  • pha family highlights
  • pixel
  • privacy
  • private compute core
  • Rowhammer
  • rust
  • Security
  • security rewards program
  • sigstore
  • spyware
  • supply chain
  • targeted spyware
  • tensor
  • Titan M2
  • VDP
  • vulnerabilities
  • workshop


Archive


  •     2023
    • März
    • Feb.
    • Jan.
  •     2022
    • Dez.
    • Nov.
    • Okt.
    • Sept.
    • Aug.
    • Juli
    • Juni
    • Mai
    • Apr.
    • März
    • Feb.
    • Jan.
  •     2021
    • Dez.
    • Nov.
    • Okt.
    • Sept.
    • Aug.
    • Juli
    • Juni
    • Mai
    • Apr.
    • März
    • Feb.
    • Jan.
  •     2020
    • Dez.
    • Nov.
    • Okt.
    • Sept.
    • Aug.
    • Juli
    • Juni
    • Mai
    • Apr.
    • März
    • Feb.
    • Jan.
  •     2019
    • Dez.
    • Nov.
    • Okt.
    • Sept.
    • Aug.
    • Juli
    • Juni
    • Mai
    • Apr.
    • März
    • Feb.
    • Jan.
  •     2018
    • Dez.
    • Nov.
    • Okt.
    • Sept.
    • Aug.
    • Juli
    • Juni
    • Mai
    • Apr.
    • März
    • Feb.
    • Jan.
  •     2017
    • Dez.
    • Nov.
    • Okt.
    • Sept.
    • Juli
    • Juni
    • Mai
    • Apr.
    • März
    • Feb.
    • Jan.
  •     2016
    • Dez.
    • Nov.
    • Okt.
    • Sept.
    • Aug.
    • Juli
    • Juni
    • Mai
    • Apr.
    • März
    • Feb.
    • Jan.
  •     2015
    • Dez.
    • Nov.
    • Okt.
    • Sept.
    • Aug.
    • Juli
    • Juni
    • Mai
    • Apr.
    • März
    • Feb.
    • Jan.
  •     2014
    • Dez.
    • Nov.
    • Okt.
    • Sept.
    • Aug.
    • Juli
    • Juni
    • Apr.
    • März
    • Feb.
    • Jan.
  •     2013
    • Dez.
    • Nov.
    • Okt.
    • Aug.
    • Juni
    • Mai
    • Apr.
    • März
    • Feb.
    • Jan.
  •     2012
    • Dez.
    • Sept.
    • Aug.
    • Juni
    • Mai
    • Apr.
    • März
    • Feb.
    • Jan.
  •     2011
    • Dez.
    • Nov.
    • Okt.
    • Sept.
    • Aug.
    • Juli
    • Juni
    • Mai
    • Apr.
    • März
    • Feb.
  •     2010
    • Nov.
    • Okt.
    • Sept.
    • Aug.
    • Juli
    • Mai
    • Apr.
    • März
  •     2009
    • Nov.
    • Okt.
    • Aug.
    • Juli
    • Juni
    • März
  •     2008
    • Dez.
    • Nov.
    • Okt.
    • Aug.
    • Juli
    • Mai
    • Feb.
  •     2007
    • Nov.
    • Okt.
    • Sept.
    • Juli
    • Juni
    • Mai

Feed

Follow
Give us feedback in our Product Forums.
  • Google
  • Privacy
  • Terms