Skip to content Skip to footer

Malware Distributors Increasingly Relying on IP Spoofing

It seems like we are seeing more and more instances of computers being infected with malware or spyware each day. As the Anti-Virus companies release updates and patches to their software, it seems as though the people who code these malicious programs are keeping up and releasing new ways of getting around that.

Drive-by attacks are becoming more and more popular. Malware distributors rely on exploiting vulnerabilities in a browser or a plug-in to install malware on users’ systems. With the growing of technology and features which help to make our lives easier, (or online browsing experiences faster) come new ways for the people who create the malware to get them on your Computers.

These malware authors are increasingly using what is known as IP spoofing to avoid being detected. Malware distributors try to detect connections from Google’s Safe Browsing survey (and services like it) and serve perfectly safe, innocuous Web pages to those services…saving its nasty payload for visitors they believe to be real user. Google has published an analysis (PDF) of more than 160 million Web pages on more than 8 million sites to look for trends in how malware is distributed. If you are interested in knowing more on drive-by attacks or how malware is spread I urge you to check it out.