It’s been five years since we officially announced malware and phishing protection via our Safe Browsing effort. The goal of Safe Browsing is still the same today as it was five years ago: to protect people from malicious content on the Internet. Today, this protection extends not only to Google’s search results and ads, but also to popular web browsers such as Chrome, Firefox and Safari.
To achieve comprehensive and timely detection of new threats, the Safe Browsing team at Google has labored continuously to adapt to rising challenges and to build an infrastructure that automatically detects harmful content around the globe.
For a quick sense of the scale of our effort:
- We protect 600 million users through built-in protection for Chrome, Firefox, and Safari, where we show several million warnings every day to Internet users. You may have seen our telltale red warnings pop up — when you do, please don’t go to sites we've flagged for malware or phishing. Our free and public Safe Browsing API allows other organizations to keep their users safe by using the data we’ve compiled.
- We find about 9,500 new malicious websites every day. These are either innocent websites that have been compromised by malware authors, or others that are built specifically for malware distribution or phishing. While we flag many sites daily, we strive for high quality and have had only a handful of false positives.
- Approximately 12-14 million Google Search queries per day show our warning to caution users from going to sites that are currently compromised. Once a site has been cleaned up, the warning is lifted.
- We provide malware warnings for about 300 thousand downloads per day through our download protection service for Chrome.
- We send thousands of notifications daily to webmasters. Signing up with Webmaster Tools helps us communicate directly with webmasters when we find something on their site, and our ongoing partnership with StopBadware.org helps webmasters who can't sign up or need additional help.
- We also send thousands of notifications daily to Internet Service Providers (ISPs) & CERTs to help them keep their networks clean. Network administrators can sign up to receive frequent alerts.
From here we’ll try to hit a few highlights from our journey.
Phishing
Many phishers go right for the money, and that pattern is reflected in the continued heavy targeting of online commerce sites like eBay & PayPal. Even though we’re still seeing some of the same techniques we first saw 5+ years ago, since they unfortunately still catch victims, phishing attacks are also getting more creative and sophisticated. As they evolve, we improve our system to catch more and newer attacks (Chart 1). Modern attacks are:
- Faster - Many phishing webpages (URLs) remain online for less than an hour in an attempt to avoid detection.
- More diverse - Targeted “spear phishing” attacks have become increasingly common. Additionally, phishing attacks are now targeting companies, banks, and merchants globally (Chart 2).
- Used to distribute malware - Phishing sites commonly use the look and feel of popular sites and social networks to trick users into installing malware. For example, these rogue sites may ask to install a binary or browser extension to enable certain fake content.
(Chart 1)
(Chart 2)
Malware
Safe Browsing identifies two main categories of websites that may harm visitors:
- Legitimate websites that are compromised in large numbers so they can deliver or redirect to malware (Chart 3).
- Attack websites that are specifically built to distribute malware are used in increasing numbers (Chart 4).
Drive-by downloads install and run a variety of malicious programs, such as:
- Spyware to gather information like your banking credentials.
- Malware that uses your computer to send spam.
(Chart 3)
Attack sites are purposely built for distributing malware and try to avoid detection by services such as Safe Browsing. To do so, they adopt several techniques, such as rapidly changing their location through free web hosting, dynamic DNS records, and automated generation of new domain names (Chart 4).
(Chart 4)
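A defender can look for the churn described above (many short-lived hostnames appearing under one dynamic DNS or free-hosting zone) in resolver or proxy logs. The following Python sketch is an added example, not Google's detection code; the log format, hostnames, thresholds and function names are all assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of resolver log lines: "<ISO timestamp> <queried hostname>".
SAMPLE_LOG = """\
2012-06-19T09:00:05 www.example.org
2012-06-19T09:02:11 a1x9.dyn-host.example
2012-06-19T09:20:40 a1x9.dyn-host.example
2012-06-19T09:31:02 k7q2.dyn-host.example
2012-06-19T09:44:18 k7q2.dyn-host.example
2012-06-19T10:05:33 zz81.dyn-host.example
2012-06-19T10:15:09 p0m4.dyn-host.example
2012-06-19T10:50:27 p0m4.dyn-host.example
2012-06-19T13:30:00 www.example.org
2012-06-19T13:31:00 mail.example.org
2012-06-19T17:45:00 mail.example.org
"""

def parent_zone(host, labels=2):
    """Naive parent zone: the last `labels` labels. A real deployment
    would use the Public Suffix List to find the registrable domain."""
    return ".".join(host.lower().rstrip(".").split(".")[-labels:])

def host_lifetimes(log_text):
    """Map each hostname to (first_seen, last_seen) across the log."""
    seen = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, host = line.split()
        host = host.lower().rstrip(".")
        when = datetime.fromisoformat(ts)
        first, last = seen.get(host, (when, when))
        seen[host] = (min(first, when), max(last, when))
    return seen

def churning_zones(log_text, max_life=timedelta(hours=1), min_hosts=3):
    """Return {zone: sorted short-lived hosts} for zones with at least
    `min_hosts` hostnames whose observed lifetime is under `max_life`."""
    short = defaultdict(list)
    for host, (first, last) in host_lifetimes(log_text).items():
        if last - first < max_life:
            short[parent_zone(host)].append(host)
    return {z: sorted(h) for z, h in short.items() if len(h) >= min_hosts}

if __name__ == "__main__":
    for zone, hosts in churning_zones(SAMPLE_LOG).items():
        print(zone, len(hosts), hosts)
```

A hostname seen only once has an observed lifetime of zero, so the `min_hosts` threshold is what keeps a single stray lookup from flagging a zone; tune both thresholds against your own traffic before alerting on the result.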
As companies have designed browsers and plugins to be more secure over time, malware purveyors have also employed social engineering, where the malware author tries to deceive the user into installing malicious software without the need for any software vulnerabilities. A good example is a “Fake Anti-Virus” alert that masquerades as a legitimate security warning, but it actually infects computers with malware.
While we see socially engineered attacks still trailing behind drive-by downloads in frequency, this is a fast-growing category, likely due to improved browser security.
How can you help prevent malware and phishing?
Our system is designed to protect users at high volumes (Chart 5), yet here are a few things that you can do to help:
- Don't ignore our warnings. Legitimate sites are commonly modified to contain malware or phishing threats until the webmaster has cleaned their site. Malware is often designed to not be seen, so you won't know if your computer becomes infected. It’s best to wait for the warning to be removed before potentially exposing your machine to a harmful infection.
- Help us find bad sites. Chrome users can select the check box on the red warning page. The data sent to us helps us find bad sites more quickly and helps protect other users.
- Register your website with Google Webmaster Tools. Doing so helps us inform you quickly if we find suspicious code on your website at any point.
(Chart 5)
Looking Forward
The threat landscape changes rapidly. Our adversaries are highly motivated by making money from unsuspecting victims, and at great cost to everyone involved.
Our tangible impact in making the web more secure and our ability to directly protect users from harm has been a great source of motivation for everyone on the Safe Browsing team. We are also happy that our free data feed has become the de facto base of comparison for academic research in this space.
As we look forward, Google continues to invest heavily in the Safe Browsing team, enabling us to counter newer forms of abuse. In particular, our team supplied the technology underpinning these recent efforts:
- Instantaneous phishing detection and download protection within the Chrome browser
- Chrome extension malware scanning
- Android application protection
Congratulations, hope you keep us safe in the next 100 years!
Cheers, and here's for another 5!
Thank you, there is no one else as capable as you people in this whole world
Thank you Google for all your services
Hey Niels, great post and very proud of what you have done. Thank you for keeping us and our families safer!
Keep up the great work!
Mehdi - A voice from the Past
Google could you please add like ! By the malicious links in search
What does an independent developer have to do so their software downloaded doesn't look like malware? In the latest build of Chrome it labels most setup files as dangerous: "file_name is not commonly downloaded and could be dangerous". It also now hides the Save button under a down menu via a tiny arrow. Discard is the only button displayed.
There really needs to be a system at Google so independent software developers aren't mistakenly labeled as dangerous.
I am working on the same topic. The dynamic and evolving threat landscape of malicious activities on the Web is very fascinating. I wish I was in this great team.
Thanks for sharing your information. Keep on updating.
While your stats are impressive, they do not report on the number of false positives. I run a web site that your automated checks think is hosting malware, which is untrue. Asking for a review does not seem to clear the situation.
In the meantime, I am losing thousands of visits a day. No thanks for that, Google
Isn't it good to know that Google is at the forefront of making sure that the Internet should be free for everyone to use, while at the same time being vocal enough in reminding Web users to be cautious and responsible with their online activities? I believe we ought to give Google a lot of credit for doing so.
I was considering getting magic desktop from easybits as a safe browser solution, do you know it? It's for my children and I want to understand whether this would be a preferable solution to avoid some of the issues you mention. Their page is http://www.magicdesktop.com/, if you can share an assessment of whether this is safe compared to your software, it would be most appreciated.
I didn't realize the threats are growing so fast. It's terrifying. Hope efforts like yours will prevent those kinds of anomalies. Thanks for your efforts!
Regards.
Nice statistics, thanks Google for protecting us against malwares, webspams, phishing and so forth.
Thank God that Google exists and takes care of its users!
This is awesome! I've been looking for some insight on finding quality safes in Toronto. Do you have any suggestions?
Very interesting post, and the step-by-step guide is really very good. The result of the interactive menu is impressive. Thanks for sharing!
website design
Interesting topic on safe web users. Nowadays Chrome, Firefox, and Safari are the most popular web browsers, which are used by millions of people. web hosting companies | best hosting companies