Malware Definition and Prevention

Author: Puneet Saini

Published: 2014-05-27

Safe Browsing identifies two main categories of websites that may harm visitors:

  • Legitimate websites that are compromised in large numbers so they can deliver or redirect to malware.
  • Attack websites, which are built specifically to distribute malware and are being used in increasing numbers.

When a legitimate website is compromised, it’s usually modified to include content from an attack site or to redirect to an attack site. These attack sites will often deliver drive-by downloads to visitors. A drive-by download exploits a vulnerability in the browser to execute a malicious program on a user's computer without their knowledge.

Drive-by downloads install and run a variety of malicious programs, such as:

  • Spyware to gather information like your banking credentials.
  • Malware that uses your computer to send spam.

Attack sites are purposely built for distributing malware and try to avoid detection by services such as Safe Browsing. To do so, they adopt several techniques, such as rapidly changing their location through free web hosting, dynamic DNS records, and automated generation of new domain names.

As companies have designed browsers and plugins to be more secure over time, malware purveyors have also employed social engineering, where the malware author tries to deceive the user into installing malicious software without the need for any software vulnerabilities. A good example is a “Fake Anti-Virus” alert that masquerades as a legitimate security warning but actually infects computers with malware.

While we see socially engineered attacks still trailing behind drive-by downloads in frequency, this is a fast-growing category, likely due to improved browser security.

How can you help prevent malware?

Our system is designed to protect users at high volumes, yet here are a few things that you can do to help:

  • Don't ignore our warnings. Legitimate sites are commonly modified to contain malware or phishing threats until the webmaster has cleaned their site. Malware is often designed to not be seen, so you won't know if your computer becomes infected. It's best to wait for the warning to be removed before potentially exposing your machine to a harmful infection.
  • Help us find bad sites. Chrome users can select the check box on the red warning page. The data sent to us helps us find bad sites more quickly and helps protect other users.
  • Register your website with 'Google Webmaster Tools'. Doing so helps us inform you quickly if we find suspicious code on your website at any point.
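
A webmaster can also look for the modification described earlier, where a compromised page is altered to include content from an attack site or to redirect to one. The following is an added example, not part of the original article or any Google tool; the allowlist, the sample page and every domain name in it are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: hosts this site legitimately loads content from (hypothetical values).
ALLOWED_HOSTS = {"www.example.com", "cdn.example.com"}
# Constructed sample of a page after compromise; all domains are placeholders.
SAMPLE_PAGE = """<html><head>
<script src="/js/site.js"></script>
<script src="https://cdn.example.com/lib.js"></script>
<meta http-equiv="refresh" content="0; url=http://attack-site.invalid/landing">
</head><body>
<iframe src="http://attack-site.invalid/x" width="0" height="0"></iframe>
<iframe src="https://partner.example.net/widget" width="300" height="200"></iframe>
</body></html>"""

def is_hidden(attrs):
    """True when an element is sized or styled so a visitor would not see it."""
    style = (attrs.get("style") or "").replace(" ", "").lower()
    tiny = attrs.get("width") in ("0", "1") or attrs.get("height") in ("0", "1")
    return tiny or "display:none" in style or "visibility:hidden" in style

class InjectedContentScanner(HTMLParser):
    """Records embedded content and redirects that point outside the allowlist."""
    def __init__(self, allowed_hosts):
        super().__init__()
        self.allowed, self.findings = allowed_hosts, []

    def _external_host(self, url):
        host = urlparse(url.strip()).hostname  # None for relative URLs
        return host if host and host not in self.allowed else None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag in ("script", "iframe", "embed", "object"):
            host = self._external_host(a.get("src") or a.get("data") or "")
            if host:
                note = "hidden" if is_hidden(a) else "visible"
                self.findings.append((tag, host, note))
        elif tag == "meta" and (a.get("http-equiv") or "").lower() == "refresh":
            # content has the form "<seconds>; url=<target>"
            target = (a.get("content") or "").partition("=")[2].strip(" '\"")
            host = self._external_host(target)
            if host:
                self.findings.append(("meta-refresh", host, "redirect"))

def scan(html, allowed_hosts=ALLOWED_HOSTS):
    """Return (element, host, note) tuples for content leaving the allowlist."""
    scanner = InjectedContentScanner(allowed_hosts)
    scanner.feed(html)
    return scanner.findings

if __name__ == "__main__":
    print(*scan(SAMPLE_PAGE), sep="\n")
```

A visible element on an unlisted host, such as the partner widget in the sample, is reported for review rather than treated as malicious; hidden frames and redirects to unknown hosts are the findings to investigate first.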

Looking forward

The threat landscape changes rapidly. Our adversaries are highly motivated by making money from unsuspecting victims, and at great cost to everyone involved.

Our tangible impact in making the web more secure and our ability to directly protect users from harm has been a great source of motivation for everyone on the Safe Browsing team. We are also happy that our free data feed has become the de facto base of comparison for academic research in this space.

As we look forward, Google continues to invest heavily in the Safe Browsing team, enabling us to counter newer forms of abuse. In particular, our team supplied the technology underpinning these recent efforts:

  • Instantaneous phishing detection and download protection within the Chrome browser
  • Chrome extension malware scanning
  • Android application protection