Google Expands Unsafe Site Reporting

June 26, 2013

For some time now, Google has published its Transparency Report, which gives a high-level overview of how Google relates to events in the world at large. The report has historically included several sections:

  • Traffic to Google services (current and historical, highlighting disruptions)
  • Information removal requests (by copyright holders and governments)
  • Requests for user data (by governments)

This information can be interesting in light of current events. For example, at this writing, Google reports ongoing disruptions to their services in Pakistan, China, Morocco, Tajikistan,Turkey, and Iran.

Now, according to a post on the Official Google Blog, a new section will be added to the Transparency Report. The report is an outgrowth of work begun in 2006 with Google’s Safe Browsing Initiative.

So today we’re launching a new section on our Transparency Report that will shed more light on the sources of malware and phishing attacks. You can now learn how many people see Safe Browsing warnings each week, where malicious sites are hosted around the world, how quickly websites become reinfected after their owners clean malware from their sites, and other tidbits we’ve surfaced.

Google says that they flag about 10,000 sites per day for potentially malicious content. Many of there are legitimate sites that have been compromised in some way. The “Safe Browsing” section of the Transparency Report shows the number of unsafe sites detected per week, as well as the average time required to fix them.

Google, because its search engine “crawlers” cover so much of the Web, has an overview of what’s out there that few organizations can match. I think they are to be commended for making this information available.

“Safe Browsing” Turns Five

June 21, 2012

A little more than five years ago, Google launched its Online Security Blog, as part of an augmented effort to fight malware and phishing attacks, an effort the company called “Safe Browsing”.  Niels Provos, of Google’s security team, has just posted a brief summary of some of the knowledge gleaned from the Safe Browsing work.

A key part of the safe browsing effort is an infrastructure that can detect and catalog dangerous sites across the Internet.  Google uses this data to issue warnings with its search results, of course, but it also provides a free, public Safe Browsing API, so that other applications can check sites against Google’s list.  This protection, implemented in Chrome (of course), Firefox, and Safari, results in several million warnings being issued each day.   The scale of the effort is staggering; Google estimates that it identifies about 9,500 new malicious sites every day.  These are, in many cases, legitimate sites that have been compromised so that they attempt to install malware, or redirect the user to a site that does.  In other cases, the sites are built specifically for malicious purposes.

The general trend in these attacks, as we’ve seen before, is to get more polished and professional as time passes.  Google says that some sites use a given URL for an hour or less, in order to make detection more difficult.   Targeted phishing (or “spear phishing”) attacks are increasingly common, as are social engineering attacks, such as fake anti-virus warnings.  And the traditional “drive-by download” technique, in which the attacker attempts to compromise the user’s machine via a vulnerability in the browser or the OS, is still popular.

As Niels Bohr (the physicist and gunslinger) reportedly said, “Prediction is very difficult, especially about the future.”   Nonetheless, it seems unlikely that the current trends will change very much; we’ll continue to see more, and more sophisticated, attacks.  So pay attention to those security warnings, and be careful out there.

%d bloggers like this: