Feb. 16, 2006 - A study recently published by a group of
researchers at the Department of Computer Science and Engineering at the
University of Washington has found that 1.5 percent of the URLs studied
exploited flaws in Internet Explorer to install spyware without the
user's permission.

Although 1.5 percent may seem it a very small percentage, it means that
one in every 67 web pages analyzed included malicious content to exploit
vulnerabilities in the browser.

The study, available at
http://www.cs.washington.edu/homes/gribble/papers/spycrawler.pdf
examined 18 million URLs in May and October last year, which also
allowed the evolution over time to be studied. This study is
particularly interesting because of the diversity of the data it offers,
analyzing many websites by category and type of executable file
downloaded (keyloggers, dialers, Trojans, adware or browser hijackers).

The study also shows that a large number of the executable files
downloaded contained various attack functions. In May last year, the
most common attack was adware, whereas in October this attack dropped
compared to browser hijackers, which were the most common with 85
percent of detections.