Safe Browsing identifies two main categories of websites that may harm visitors:
Legitimate websites that are compromised in large numbers so they can deliver or redirect to malware (Chart 3).
Attack websites that are specifically built to distribute malware are used in increasing numbers (Chart 4).
When a legitimate website is compromised, it’s usually modified to include content from an attack site or to redirect to an attack site. These attack sites will often deliver "Drive by downloads" to visitors. A drive by download exploits a vulnerability in the browser to execute a malicious program on a user's computer without their knowledge.
Drive by downloads install and run a variety of malicious programs, such as:
Spyware to gather information like your banking credentials.
Malware that uses your computer to send spam.
(Chart 3)
Attack sites are purposely built for distributing malware and try to avoid detection by services such as Safe Browsing. To do so, they adopt several techniques, such as rapidly changing their location through free web hosting, dynamic DNS records, and automated generation of new domain names (Chart 4).
(Chart 4)
As companies have designed browsers and plugins to be more secure over time, malware purveyors have also employed social engineering, where the malware author tries to deceive the user into installing malicious software without the need for any software vulnerabilities. A good example is a “Fake Anti-Virus” alert that masquerades as a legitimate security warning, but it actually infects computers with malware.
While we see socially engineered attacks still trailing behind drive by downloads in frequency, this is a fast-growing category likely due to improved browser security.
How can you help prevent malware and phishing?
Our system is designed to protect users at high volumes (Chart 5), yet here are a few things that you can do to help:
Don't ignore our warnings. Legitimate sites are commonly modified to contain malware or phishing threats until the webmaster has cleaned their site. Malware is often designed to not be seen, so you won't know if your computer becomes infected. It’s best to wait for the warning to be removed before potentially exposing your machine to a harmful infection.
Help us find bad sites. Chrome users can select the check box on the red warning page. The data sent to us helps us find bad sites more quickly and helps protect other users.
Register your website with Google Webmaster Tools. Doing so helps us inform you quickly if we find suspicious code on your website at any point.
(Chart 5)
Looking Forward
The threat landscape changes rapidly. Our adversaries are highly motivated by making money from unsuspecting victims, and at great cost to everyone involved.
Our tangible impact in making the web more secure and our ability to directly protect users from harm has been a great source of motivation for everyone on the Safe Browsing team. We are also happy that our free data feed has become the de facto base of comparison for academic research in this space.
As we look forward, Google continues to invest heavily in the Safe Browsing team, enabling us to counter newer forms of abuse. In particular, our team supplied the technology underpinning these recent efforts:
For their strong efforts over the years, I thank Panayiotis Mavrommatis, Brian Ryner, Lucas Ballard, Moheeb Abu Rajab, Fabrice Jaubert, Nav Jagpal, Ian Fette, along with the whole Safe Browsing Team.
Hey Niels great post and very proud of what you have done. thank you for keeping us and our families safer! Keep up the great work! Mehdi - A voice from the Past
What does an independent developer have to do so their software downloaded doesn't look like malware. In the latest build of Chrome it labels most setup files as dangerous: "file_name is not commonly downloaded and could be dangerous". It also now hides the Save button under a down menu via a tiny arrow. Discard is the only button displayed.
There really needs to be a system at Google so independent software developers are't mistakenly labeled as dangerous.
I am working on the same topic. The dynamic and evolving threat landscape of malicious activities on the Web is very fascinating. I wish I was in this great team.
While your stats are impressive, they do not report on the number of false positives. I run a web site that your automated checks think is hosting malware, which is untrue. Asking for a review does not seem to clear the situation.
In the meantime, I am loosing thousands of visits a day.No thnals for that, Google
Isn't it good to know that Google is at the forefront of making sure that the Internet should be free for everyone to use, while at the same time being vocal enough in reminding Web users to be cautious and responsible with their online activities? I believe we ought to give Google a lot of credit for doing so.
I was considering on getting magic desktop from easybits as a safe browser solution, do you know it? it's for my children and I want to understand whether this would be a preferable solution to avoid some of the issues you mention. Their page is http://www.magicdesktop.com/, if you can share an assessment of whether this is safe compared to your software would be most appreciated.
I didn't realize the threat are growing so fast. It's terrifying. Hope efforts like Yours will prevent those kind of anomalies. Thanks for Your efforts!
Very interesting post, and the step-by step guide is really very good. The result of the interactive menu is impressive. Thanks for sharing! website design
Interesting Topic on safe web users.Now a days Chrome, Firefox, and Safari are most popular web browsers which is used by millions of people.web hosting companies | best hosting companies
Follow
17 comments :
Congratulations, hope you keep us safe in the next 100 years!
Cheers, and here's for another 5!
thank you there is no one else as capable as you people in this whole world
Thank you Google for all your services
Hey Niels great post and very proud of what you have done. thank you for keeping us and our families safer!
Keep up the great work!
Mehdi - A voice from the Past
Google could you please add like ! By the malicious links in search
What does an independent developer have to do so their software downloaded doesn't look like malware. In the latest build of Chrome it labels most setup files as dangerous: "file_name is not commonly downloaded and could be dangerous". It also now hides the Save button under a down menu via a tiny arrow. Discard is the only button displayed.
There really needs to be a system at Google so independent software developers are't mistakenly labeled as dangerous.
I am working on the same topic. The dynamic and evolving threat landscape of malicious activities on the Web is very fascinating. I wish I was in this great team.
Thanks for sharing your information.Keep on updating.
While your stats are impressive, they do not report on the number of false positives. I run a web site that your automated checks think is hosting malware, which is untrue. Asking for a review does not seem to clear the situation.
In the meantime, I am loosing thousands of visits a day.No thnals for that, Google
Isn't it good to know that Google is at the forefront of making sure that the Internet should be free for everyone to use, while at the same time being vocal enough in reminding Web users to be cautious and responsible with their online activities? I believe we ought to give Google a lot of credit for doing so.
I was considering on getting magic desktop from easybits as a safe browser solution, do you know it? it's for my children and I want to understand whether this would be a preferable solution to avoid some of the issues you mention. Their page is http://www.magicdesktop.com/, if you can share an assessment of whether this is safe compared to your software would be most appreciated.
I didn't realize the threat are growing so fast. It's terrifying. Hope efforts like Yours will prevent those kind of anomalies. Thanks for Your efforts!
Regards.
Nice statistics, thanks Google for protecting us against malwares, webspams, phishing and so forth.
Gracias a Dios que Google existe y cuida sus usuarios!
This is awesome! I've been looking for some insight on finding quality safes in Toronto. Do you have any suggestions?
Very interesting post, and the step-by step guide is really very good. The result of the interactive menu is impressive. Thanks for sharing!
website design
Interesting Topic on safe web users.Now a days Chrome, Firefox, and Safari are most popular web browsers which is used by millions of people.web hosting companies | best hosting companies
Post a Comment