Google blocks about 9,500 new malicious websites every day as part of its antiphishing and antimalware detection capabilities, according to new statistics released this week by the search engine giant.
Google’s Safe Browsing initiative, which was launched in 2007, blocks websites it believes are malicious in nature. Users who visit a site are greeted with a warning that the site could be serving up malware or attempting to phish individuals for their account credentials or other personal information.
“These are either innocent websites that have been compromised by malware authors, or others that are built specifically for malware distribution or phishing,” wrote Niels Provos of Google’s security team in a blog entry outlining the Safe Browsing program. “While we flag many sites daily, we strive for high quality and have had only a handful of false positives.”
The aim of Google’s Safe Browsing initiative was to reduce the threat of poisoned search engine results. Savvy cybercriminals caught on to Google’s search engine algorithms and optimized malicious websites to appear in certain search queries. That search poisoning helped fuel the rise of rogue antivirus software, a fraud that consists of tricking victims into thinking their system is infected with malware and then charging them a fee to wipe out the phony Trojan it detected.
Search engine results now contain a warning if a site is detected by Google as being potentially malicious in nature. Provos said between 12 and 14 million Google search queries a day display website warnings.
Compromised websites are the main driver of malware and phishing campaigns, according to security experts. The Black Hole exploit kit was responsible for surging numbers of drive-by attacks in 2011, enabling attackers to compromise websites and set up a drive-by attack campaign. Custom Web application coding errors are widespread and constantly being targeted by attackers using automated toolkits, according to a Hewlett Packard Co. study issued in April. Automated tools target coding errors that enable SQL injection and cross-site scripting attacks, according to IBM, which has documented a decline in Web application vulnerability disclosures and the number of exploits targeting them in 2011.
Google is also constantly being targeted by cybercriminals because of its massive user base. Earlier this month, website performance and security service provider CloudFlare said a flaw in Google Apps API enabled an attacker to steal account credentials and attack one of the company’s customers. The flaw enabled the attacker to breach CloudFlare’s email system to redirect email to a Twitter account and properly authenticate for Google Apps’ account recovery process. Google acknowledged and fixed the vulnerability.
Google Gmail is also constantly being targeted. The company announced it would warn users if it suspects they are being targeted by a state-sponsored attack. The company said its warning is meant to reduce spear phishing and targeted malware attacks. Google also added a mechanism to check the authenticity of users if they log in from a different location using a cell phone or an alternative email address.