June 20, 2012
Google Flags 9,500 Malicious Websites Per Day
Google published some startling statistics on Tuesday, revealing that it uncovers some 9,500 new malicious websites every day through its ℠Safe Browsing´ program.
“These are either innocent websites that have been compromised by malware authors, or others that are built specifically for malware distribution or phishing,” wrote Google Security Team blogger Niels Provos in a blog posting.
“While we flag many sites daily, we strive for high quality and have had only a handful of false positives,” wrote Provos.
The news coincides with the fifth anniversary of Google´s Safe Browsing initiative, which seeks to protect people from malicious content on Google´s search results, ads, as well as the Chrome, Firefox and Safari web browsers.
The company said that between 12 and 14 million Google search queries per day return results that include at least one hacked site, while 300,000 downloads per day get flagged with a warning through Google's download protection service for Chrome.
“The threat landscape changes rapidly,” wrote Provos.
“Our adversaries are highly motivated by making money from unsuspecting victims, and at great cost to everyone involved.”
Given the enormous number of Google bots scanning the Internet, the company is in a unique position to know which websites are being used to steal passwords or spread malware that allows hackers to remotely control people´s computers.
Provos said about 600 million people now utilize the Safe Browsing feature through programming interfaces incorporated into Chrome, Firefox and Safari. Some 12 million to 14 million people now receive warnings when Google´s search results lead to a site the company believes is malicious.
The warnings include bold letters saying: "Warning: Visiting this site may harm your computer!", which appear after a user has entered or clicked on a link that leads to a site believed to deliver malware or phishing pages.
Google also said it provides as many as 300 million malware warnings a day to Chrome users alone, and sends thousands of notifications each day to Web masters and Internet service providers to help them keep their sites and networks safe.
Although initiatives such as Google´s Safe Browsing program, and a similar program at Microsoft that warns Internet Explorer users, have made people more aware of malicious sites, cyber-criminals have adapted.
Indeed, web addresses for many phishing sites remain active for less than an hour to avert detection. Many sites pushing malware seek to avoid detection by quickly changing their location by using free Web hosting services, dynamic DNS records and automated generation of new domain names.
“They´re constantly trying to come up with new ways to circumvent our protection,” Provos said during an interview with Forbes.
“Our adversaries actively cycle the domains they use, so every 10 to 15 minutes, they´re using a new domain name. That´s greatly inflated the attack sites that we find.”
Google advised taking the following steps to prevent malware and phishing:
- Don't ignore warnings -- Legitimate sites are commonly modified to contain malware or phishing threats until the webmaster has cleaned their site. But malware is often designed to be unseen, so users won't know if their computer becomes infected. It´s best to wait for the warning to be removed before potentially exposing your machine to a harmful infection.
- Help Google find bad sites -- Chrome users can select the check box on the red warning page, which sends data to Google that helps them find bad sites more quickly.
- Register your website with Google Webmaster Tools to help Google quickly inform you if a suspicious code is ever found on your website.
“At the end of the day, bad people want to make money, and they´ll find ways,” said Provos.
“But we hope to push the bar up as high as we can.”