Google’s online security recently started to identify web pages that infect computers via drive-by downloads, i.e. web pages that attempt to exploit their visitors by installing and running malware automatically. During that time they have investigated billions of URLs and found more than three million unique URLs on over 180,000 web sites automatically installing malware.
Third-party content is one avenue for malicious activity. Today, a lot of third-party content is due to advertising. In Google’s analysis, they found that on average 2% of malicious web sites were delivering malware via advertising. The underlying problem is that advertising space is often syndicated to other parties who are not known to the web site owner. (Note: non-syndicated advertising networks such as Google Adwords are not affected, but any advertising networks practicing syndication needs to carefully study this problem.)
In addition, Google’s security team also investigated the structural properties of malware distribution sites. Some malware distribution sites had as many as 21,000 regular web sites pointing to them. We also found that the majority of malware was hosted on web servers located in China. Interestingly, Chinese malware distribution sites are mostly pointed to by Chinese web servers.
Always remember, good computer hygiene, such as running automatic updates for the operating system and third-party applications, as well as installing anti-virus products will go a long way in protecting your home computer.
For the full report download Google’s technical report [PDF].
Google says they are constantly scanning their index for potentially dangerous sites. Their automated search systems found more than 4,000 different sites that appeared to be set up for distributing malware by massively compromising popular web sites. Of these domains more than 1,400 were hosted in the .cn (China), i.e. .com, .biz, .net. Several contained plays on the name of Google such as goooogleadsence.biz.
The graph shows the top-10 malware sites as counted by the number of compromised web sites that referenced it. All domains on the top-10 list are suspected to have compromised more than 10,000 web sites on the Internet. The graph also contains arrows indicating when these domains where first listed via Google’s Safe Browsing API (see definition below) and flagged in their search results as potentially dangerous.
To help make the Internet a safer place, Google’s has created Safe Browsing API which is freely available and is being used by browsers such as Firefox and Chrome to protect users on the web.
What is the Safe Browsing API?
The Safe Browsing API is an experimental API that enables client applications to check URLs against Google's constantly updated blacklists of suspected phishing and malware pages. Your client application can use the API to download an encrypted table for local, client-side lookups of URLs that you would like to check.
Here are some of the things you can do with the Safe Browsing API:
- Warn users of links that appear in your site when they lead to malware-infested pages.
- Prevent users from posting links to phishing pages from your site.
- Check a list of pages against Google's lists of suspected phishing and malware pages.
To sign up for Safe Browsing API, go here:
http://code.google.com/apis/safebrowsing/key_signup.html
Comments