Gaming, Celebrity Sites Nastiest Web Neighborhoods

Web surfers are more likely to pick up spyware, adware and assorted other malware if they're cruising certain bad neighborhoods, especially those promising games and photos of the rich and famous.

February 24, 2006


Your mother was right: some neighborhoods are more dangerous than others.

In a recently published paper, researchers at the University of Washington said that some Web wards are significantly more likely to host spyware and launch "drive-by downloads," the term for the hacker practice of using browser or Windows vulnerabilities to silently install software.

The nastiest Web neighborhoods? Games and celebrity-oriented sites.

"Our data shows that the most high-risk category is 'games,'" said the report. "Another is celebrity, for which over one in seven executables are infected with spyware."

In May and October 2005, Henry Levy and Steven Gribble, two University of Washington professors, sent customized Web crawlers scouring the Internet for spyware. Each foray sniffed through some 45,000 sites, then cataloged the executable files found and tested malicious sites' effectiveness by exposing unpatched versions of Internet Explorer and Firefox to drive-bys.

Levy and Gribble divided the sites into ten categories that ranged from games, news, and celebrity to adult, kids, and music.

One in five gaming sites hosted spyware, said Levy and Gribble, the highest percentage of any neighborhood. Music placed second on the shame list, with 11.4 percent of domains infected (about one in nine).

Internet districts such as news and kids, meanwhile, were much safer. No infected news domains were spotted by Levy and Gribble, and only 1.6 percent of kids' sites hosted spyware.

Other data, however, pointed to additional risky neighborhoods. More than one in ten executable files found on adult sites, for instance, were spyware-infected. Ditto for sites offering wallpaper (and screensaver) executable files. But the worst locale, as measured by infected executables, was gaming, where 16.3 percent of the files were plagued with spyware.

Levy and Gribble also tested the same neighborhoods to see how many drive-by downloads each launched. Drive-bys are considered the most nefarious method of installing adware and spyware onto users' PCs, since they leverage browser bugs to automatically (or nearly automatically) download and install the software onto hard drives.

The worst neighborhood for drive-by downloads was, hands-down, made up of sites that offered pirated copies of software, games, music, and movies. In October, Levy and Gribble found 6.5 percent of all pirate domains conducting drive-by downloads. Adult (2 percent), celebrity (3.9 percent), and games (3.3 percent) followed.

Amazingly, those numbers were significantly lower than the ones gathered during an earlier sweep in May 2005, when 16.6 percent (about one in six) of pirate sites did drive-bys, and 9 percent of adult sites used the practice to install spyware.

"It's difficult to attribute this to a specific cause," cautioned Levy and Gribble, who offered several possible reasons for the decline, ranging from greater adoption of anti-spyware tools to civil lawsuits filed against spyware and adware purveyors.

"The percent of executables that were infected with spyware caught us by surprise," said Levy. "We didn't expect it to be that high."

"What's important here is that overall, one in 25 domains has infectious files," added Gribble.

Fortunately, they're concentrated in some neighborhoods, and nowhere to be seen in others.

The Levy/Gribble paper can be downloaded in PDF format from the University of Washington's Web site.
