One in 10 web pages contains malicious code that could infect a user’s PC. Researchers at Google scrutinized 4.5 million pages to and 10% or 450,000 were capable of launching so-called “drive-by downloads”, sites that install malicious code, such as spyware, without a user’s knowledge, and a further 700,000 pages were thought to contain code that could compromise a user’s computer.

Drive-by downloads are an increasingly common way to infect a computer or steal sensitive information. They usually consist of malicious programs that automatically install when a user visits a booby-trapped website.

“To entice users to install malware, adversaries employ social engineering,” wrote Google researcher Niels Provos.

“The user is presented with links that promise access to ‘interesting’ pages with explicit pornographic content, copyrighted software or media. A common example are sites that display thumbnails to adult videos.”

Some downloads, alter bookmarks, install unwanted toolbars or change the start page of a browser. However, increasingly, criminals are using drive-bys to install keyloggers that steal login and password information.

Other pieces of malicious code hijack a computer turning it into a “bot”, a remotely controlled PC.

Drive-by downloads represent a shift away from traditional methods of infecting a computer, such as spam and email attachments.

The vast majority exploit vulnerabilities in Microsoft’s Internet Explorer browser to install themselves.

Google will start to identify all web pages on the internet that could be malicious.
Google, part of the StopBadware coalition, already warns users if they are about to visit a potentially harmful website, displaying a message that reads “this site may harm your computer” next to the search results.

“Marking pages with a label allows users to avoid exposure to such sites and results in fewer users being infected,” the researchers wrote. This is similar to the browser install produced by McAfee called SiteAdvisor, which alters users to spyware, spam, viruses and online scams. SiteAdvisor, alerts users of web site’s safety by assigning color codes next to the severity of the threat posted. However, the constant pop-up that alerts users of a sites threat level can get annoying and time consuming.

The Google report also identified the other methods by which criminals inject malicious code on to innocent web pages.

1. Spam email - are a common way to infect a computer. It found that the code was often contained in those parts of the website not designed or controlled by the website owner, such as banner adverts and widgets.

2. Widgets - are small programs that may, for example, display a calendar on a web page or a web traffic counter. These are often downloaded from third-party sites. The rise of web 2.0 and user-generated content gave criminals other channels, or vectors, of attack, it found. For example, postings in blogs and forums that contain links to images or other content could unwittingly infect a user.