Google finds an increase in malicious sites
Contributed by: Email on 06/19/2012 01:52 PM
Although the number of compromised web sites is decreasing, as reported by Google's antimalware and anti-phishing systems, the number of outright malicious attack sites is back on the rise.
Google uses a number of different methods to detect malicious sites, malicious downloads and other threats. One of its key components is the company's Safe Browsing API, which it shares with other browser vendors.
While Google is still detecting 9,500 malicious sites every day, the number of compromised sites has been dropping for the last few years. Those compromised sites are typically used in drive-by download attacks that install malware on victims' machines, enlist them in a botnet or use them to send spam. Some of those attacks also involve other tactics, such as social engineering or a series of redirects, to push users to the compromised sites.
"When a legitimate website is compromised, it's usually modified to include content from an attack site or to redirect to an attack site. These attack sites will often deliver 'Drive by downloads' to visitors. A drive by download exploits a vulnerability in the browser to execute a malicious program on a user's computer without their knowledge," Niels Provos of Google's security team wrote in a blog post.
"As companies have designed browsers and plugins to be more secure over time, malware purveyors have also employed social engineering, where the malware author tries to deceive the user into installing malicious software without the need for any software vulnerabilities. A good example is a Fake Anti-Virus alert that masquerades as a legitimate security warning, but it actually infects computers with malware."
The company's stats show that the number of phishing sites found each month was down toward 100,000 near the end of last year, but has spiked again and is now up above 300,000. It's not clear exactly what's behind the big increase, but one explanation may be that phishers now are changing the URLs for their sites as often as every hour, jacking up the total volume of sites.
"Many phishers go right for the money, and that pattern is reflected in the continued heavy targeting of online commerce sites like eBay & PayPal. Even though we're still seeing some of the same techniques we first saw 5+ years ago, since they unfortunately still catch victims, phishing attacks are also getting more creative and sophisticated. As they evolve, we improve our system to catch more and newer attacks," Provos wrote.