We first begin by examining (where possible) the software running on the web-servers for all the landing sites that lead to the malware distribution sites. Specifically, we collected all the `` Server'' and ``X-Powered-By'' header tokens from each landing page (see Table 3). Not surprisingly, of those servers that reported this information, a significant fraction were running outdated versions of software with well known vulnerabilitiesWe consider a version as outdated if it is older than the latest corresponding version released by January, 2007 (the start date for our data collection).. For example, 38.1% of the Apache servers and 39.9% of servers with PHP scripting support reported a version with security vulnerabilities. Overall, these results reflect the weak security practices applied by the web site administrators. Clearly, running unpatched software with known vulnerabilities increases the risk of content control via server exploitation.
Niels Provos 2008-05-13