At least one in 10 web pages are booby-trapped with malware, according to Google.

A five-strong Google research team found that 450,000 pages, out of a sample of 4.5 million pages, contained scripts to install malicious code, such as Trojans and spyware on vulnerable PCs, the BBC reports. This is a conservative estimate - another 700,000 pages given the once-over were thought to be suspicious by Google.

Google's Ghost in the Browser study (PDF) covers the well-understood problem of drive-by-downloads from compromised sites, which are eclipsing virus-infected email as a means to spread malware. The study takes the debate further chiefly by presenting evidence about the sheer volume of web content on the "dark side" of the net. As well as hacker-run websites, malware can be injected into otherwise legitimate site via a variety of ruses, the Google team explains.

The tricks include hacking into a web server to plant malware, or planting it within third-party widgets or advertising. User-generated content also creates a means to upload malware. The researchers hope to use their findings to "map" the problem and aid the development of a new generation of safe surfing tools that steer users away from harm. ®

Related stories

• Drive-by download menace spreading fast (23 January 2008)
• Googlewhack trick used to slip junk mail past spam filters (6 November 2007)
• Researcher crosses swords with Google over XSS 'flaw' (21 August 2007)
• Hackers load malware onto Mercury music award site (7 June 2007)
• Spyware mum foils pervert (1 June 2007)
• Spyware bill seeks Senate approval (24 May 2007)
• House taunts Senate with anti-spyware bill (23 May 2007)
• McAfee maps malware risk domains (12 March 2007)
• Phish fighters floored by DDoS assault (20 February 2007)
• Botnet 'pandemic' threatens to strangle the net (26 January 2007)
• Malware lurks behind safety seal (26 September 2006)
• Search results lead to malicious sites (16 May 2006)
• Start-up seeks to spin a safer web (13 February 2006)