Check out the new USENIX Web site.


Undoubtedly, the level of malfeasance on the Internet is a cause for concern. That said, while our work to date has shown that the prevalence of web-malware is indeed a serious threat, the analysis herein says nothing about the number of visitors that become infected as a result of visiting a malicious page. In particular, we note that since our goal is to survey the landscape, our infrastructure is intentionally configured to be vulnerable to a wide range of attacks; hopefully, savvy computer users who diligently apply software updates would be far less vulnerable to infection. To be clear, while our analysis unequivocally shows that millions of users are exposed to malicious content every day, without a wide-scale browser vulnerability study, the actual number of compromises remains unknown. Nonetheless, we believe the pervasive nature of the results in this study elucidates the state of the malware problem today, and hopefully, serves to educate both users, web masters and other researchers about the security challenges ahead.

Lastly, we note that several outlets exists for taking advantage of the results of our infrastructure. For instance, the data that Google uses to flag search results is freely available through the Safe Browsing API [2], as well as via the Safe Browsing diagnostic page [3]. We hope these services prove to be of benefit to the greater community at large.

Niels Provos 2008-05-13