Inside Google's Anti-Malware Operation
Trailrunner7 writes "A Google malware researcher gave a rare peek inside the company's massive anti-malware and anti-phishing efforts at the SecTor conference here, and the data the company has gathered shows that the attackers who make it their business to infect sites and exploit users are adapting their tactics very quickly and creatively to combat the efforts of Google and others. While Google is still a relative newcomer to the public security scene, the company has deployed a number of services and technologies recently that are designed to identify phishing sites, as well as sites serving malware, and prevent users from finding them. The tools include the Google SafeBrowsing API and a handful of services that are available to help site owners and network administrators find and eliminate malware and the attendant bugs from their sites. Fabrice Jaubert, of Google's anti-malware team, said the company has had good luck identifying and weeding out malicious sites of late. Still, as much as 1.5 percent of all search result pages on Google include links to at least one malware-distribution site, he said."
This suggests that Google will actively filter out sites that spread malware or are phishing? I'm sure Google will do a fine job at it and odds are I would leave such a feature on, but shouldn't there be an option to turn it off? I would feel way better about a search engine if I knew I could turn all its censoring features off. It's the same with SafeSearch, I have it turned to moderate, but I like the fact that I can opt to turn it off.
I've got a buddy from Bluecoat. They regularly search for these sites, and he says their company regularly reports malware sites to Google. He said there was a time when their software blocked Google because it wouldn't clean up its act. Things have changed.
http://www.beanleafpress.com
It's much more preferable to the AV industry's blackmail tactics... give us your money every year and we'll try and squash these progs... but we might not... if we don't there's bugger all you can do about it.
Much better is stopping the bad sites appearing in the first place. And all for free! Stuff like this is why Google can hold on to the "don't be evil" line for now.
That's about all the article says. It is amazingly information free. Anything else that is mentioned can be deduced by anybody who uses Google's services and has a bit of knowledge and logic.
As I was reading it (yes, I know that is a cardinal sin on /.) it felt like there was going to be more interesting information forthcoming, but there was never anything (other than the use of VMs) that was surprising in any way.
It would be nice if the editors would stop posting content-free stories.
</rant>
Should Linux developers feel shame also when someone gets his/her machine compromised by running ten-year-old unpatched stuff? Should door lock makers feel shame if I get my house robbed because I didn't fix a broken outdoor lock?
You don't know what you don't know.
Malware is about a third of the problem,
There is not one OS that protects against the type your sudo password to see the dancing bunnies. Not one that protects you against phishing and scamming.
Jehovah be praised, Oracle was not selected
Given that most home computers run Windows, and a lot of business workstations as well, would Windows be a normal computer?
Self proclaimed typo king, and inventor of the bear destroying coffee table (patent not pending).
Hahaha. I'm glad you aren't in charge of any IT security.
At least, I seriously hope you aren't.
Because if you think that's going to give you a huge security boost, you've got another thing coming.
You get better security with an informed user than switching from any current OS to any other current OS.
Self proclaimed typo king, and inventor of the bear destroying coffee table (patent not pending).
This is all nice and great, but it is quite pathetic that they can't fix all the spam in Google Groups, and it isn't like it is rocket science, when exactly the same message with the same spam-link gets posted to hundreds of groups.
"When in doubt, use brute force." Ken Thompson
There's been considerable improvement. Google still has some holes in dealing with "malware", phishing, etc. But these are mostly obscure tricks used to get around Google's malware reporting. You can report the sites below over and over, but nothing happens, because Google's reporting system doesn't understand that these Google features are exploitable.
I'm pleased to notice that, at last, Google is no longer running ads for software for spamming Craigslist. Search for "craigslist auto poster tool". There used to be ads for programs for spamming Craigslist, and some of them even accepted payment through Google Checkout. (That last could lead to legal problems, since Google was not only advertising a legally questionable product, but taking a cut of the revenue.) That seems to have stopped. There are still ads for offshored services which manually spam Craigslist.