A little more than five years ago, Google launched its Online Security Blog, as part of an augmented effort to fight malware and phishing attacks, an effort the company called “Safe Browsing”. Niels Provos, of Google’s security team, has just posted a brief summary of some of the knowledge gleaned from the Safe Browsing work.
A key part of the Safe Browsing effort is an infrastructure that can detect and catalog dangerous sites across the Internet. Google uses this data to issue warnings with its search results, of course, but it also provides a free, public Safe Browsing API, so that other applications can check sites against Google’s list. This protection, implemented in Chrome (of course), Firefox, and Safari, results in several million warnings being issued each day. The scale of the effort is staggering; Google estimates that it identifies about 9,500 new malicious sites every day. These are, in many cases, legitimate sites that have been compromised so that they attempt to install malware, or redirect the user to a site that does. In other cases, the sites are built specifically for malicious purposes.
The general trend, as we’ve seen before, is for these attacks to become more polished and professional as time passes. Google says that some sites use a given URL for an hour or less, in order to make detection more difficult. Targeted phishing (or “spear phishing”) attacks are increasingly common, as are social engineering attacks, such as fake anti-virus warnings. And the traditional “drive-by download” technique, in which the attacker attempts to compromise the user’s machine via a vulnerability in the browser or the OS, is still popular.
As Niels Bohr (the physicist and gunslinger) reportedly said, “Prediction is very difficult, especially about the future.” Nonetheless, it seems unlikely that the current trends will change very much; we’ll continue to see more, and more sophisticated, attacks. So pay attention to those security warnings, and be careful out there.