A peek into Google’s anti-malware operation

Google goes to great lengths to secure its users from threats lurking on the Web, because a half-hearted effort would soon drive them out of business.

But, during his presentation at the SecTOR security conference in Toronto, Google security researcher Fabrice Jaubert revealed that sometimes even seemingly good methods are thwarted by careless users.

Take the warning page that Google presents to users when they try to access a website that is likely to harm their system as an example. It used to be that it contained a button which allowed them to proceed to the page and, surprisingly enough, 95 percent of the users would do just that – despite the warning.

So the company changed it, and now users must copy-paste the URL of the offending page directly into the browser’s address bar if they want to access it – an extra step that hopefully allows their better judgement to kick in.

According to eSecurityPlanet, Jaubert says that Google distinguishes three kinds of malicious sites: phishing, spamming, and those serving malware. Phishing and spamming sites are usually removed from Google’s index, but only some types of malware sites receive the same treatment.

A likely reason behind this decision is that lately the criminals seem to prefer compromising legitimate websites instead of creating their own distribution pages in order to peddle their wares – as confirmed by Jaubert.

To find these sites, Google uses a massive number of virtual machines running unpatched Windows, the Internet Explorer browser and out-of-date plug-ins, with which they visit potentially malicious websites. They also use the Firefox browser for testing, but Jaubert notes that new malware is usually first detected for IE, because it is still the most widely used browser.

Google combines the data from this type of testing with data gathered by its site-crawling mechanism to reach conclusions on whether a site is potentially malicious, and feeds this knowledge into a number of Google tools developed to help users (Safe Browsing API) and administrators (Google Webmasters, Safe Browsing Alerts for Network Administrators) avoid malware risks.

http://www.net-security.org/malware_news.php?id=1516&utm_source=feedburner&utm_medium=email&utm_campaign=Feed%3A+HelpNetSecurity+%28Help+Net+Security%29

Posted October 29, 2010 by axxerainc in Uncategorized
