Google: Attack code more likely on Microsoft IIS
Google's malware team discovered that a server running Microsoft IIS is twice as likely to be hosting malicious software as are other web servers.
http://googleonlinesecurity.blogspot.com/2007/06/web-server-software-and-malware.html
The Google team doesn't draw many conclusions from this data. It is suspected that it's likely a number of these machines are not automatically installing security updates for one reason or another.
The most disturbing part of the reports is that there are about 70000 domains hosting malware or browser exploits. This is a huge number of hosts. No doubt some of those domains are purposely hosting exploits, but it's also disturbing to consider that there are thousands of administrators who have no idea their server is being used for dubious purposes.
Bruce Schneier: Department of Homeland Security Research Solicitation
Bruce Schneier points out a paper from the DHS. They are looking for researching into how to deter and prevent malware on the Internet. As Bruce points out, it's about time someone is investing in this sort of thing. It is shameful how bad computer security is today. As more and more computers attach to the Internet, the number of infected machines will continue to increase. Educating users and administrators isn't working and probably won't. The best solution is going to be to stop the malware before it has a chance to cause any damage. There is no doubt a great deal of money to be made in whoever solves this rather difficult problem.
