Slashdot Mirror
Google Detects 9500 Malicious Sites Per Day
An anonymous reader writes "Five years after it was first introduced, Google's Safe Browsing program continues to provide a service to the 600 million Chrome, Firefox, and Safari users, as well as those searching for content through the company's eponymous search engine. According to Google Security Team member Niels Provos, the program detects about 9,500 new malicious websites and pops up several million warnings every day to Internet users. Once a site has been cleaned up, the warning is lifted. They provide malware warnings for about 300 thousand downloads per day through their download protection service for Chrome."
Does Google include *.gov?
Well for starters it's open source so you can see for yourself.
Well for starters it's open source so you can see for yourself.
I'd guess that the malware detection is actually performed by servers at Google. That would make more sense (to me, anyway) than trying to embed the code in the browsers where malware authors can examine it, and where updates require a browser release.
Er, I guess I should have clicked your link before shooting my mouth off, rather than after :-)
Er, I guess I should have read the code at the link you provided before correcting myself... since it appears that it does indeed connect to "safe browser servers" at Google.
I think I'll just shut up now, even if further perusal shows this comment to be wrong as well.
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
This image from Google's blog post shows that majority of the phishing sites are hosted in the US. Interestingly, most of Africa is relatively "clean", except for Algeria and South Africa.
The Wknd Sessions - Malaysian and South East Asia independent music
Accuracy can be hit or miss. A lot of people in the translation communty use tools like chiitrans, chiitrans2, Translation Aggregator(TA) and agth. Google reguarlly flags sites with these as malware and specifically mentions these as malware, when they're no such thing. They also regularly flag mentions of RPG maker 2k(JP) as malware. To me it seems more like the engine is looking for anything that injects or hooks, which chiitrans, TA and agth do. Or non-standard character sets which the old RPG maker is. It uses the old non-ISO language flags. Newer versions like RPG Maker VX Ace do everything properly.
Om, nomnomnom...
Google stopped dealing with abuse on their own systems over a year ago. They don't correct any abuse complaints at all anymore. For example, if you take down a phishing site, there is always going to be a drop email somewhere in the php code of the phishing page. The stolen credentials get sent to this email address. If you report this illegal email address to google, they ignore it. These drop email addresses stay up and allow phishers to profit from their phishing campaigns for very very long periods of time. There are a number of times that this problem has been raised with google. They are always answered with, go to this page and report it there. Gmail abuse admins do absolutely nothing about things reported through this form. The only thing that happened is that they adjusted the form so that it just flat out rejects anything that does not have a header. So it is now IMPOSSIBLE to report drop emails to google. Additionally, google has a side channel abuse email "trusted.abuse.reports@google.com". Even if you report this type of abuse to that address, you get a autoresponse saying thanks for the report, but they do nothing to suspend or stop the abuse that it reported. I'm under the impression that Google has given up monitoring any of the channels that they have to receive abuse reports.
Here's our current list of major domains being exploited by active phishing scams. Notice who's at the top of the list. Google.
We've been generating that list for years. It's based on PhishTank data, updated every 3 hours, and uses Open Directory to decide if a site is "major". 46 domains are on the list today. 9 have been on the list since 2011 or earlier. One has been on the list since 2010 - Google. Google is the last free hosting service unable to clean up their phishing problem. MSN, Yahoo, and various free hosting services have been successful at aggressively cleaning up phishing problems, and haven't been on this list, other than briefly, for years.
Here's the oldest phishing attack hosted by Google, up since 2010: "Free Habbo Coins. Email your username and password to..."
For years, Google didn't realize that Google Spreadsheets could be used to host phishing sites. They finally caught on, and there's now a "report abuse" button on spreadsheets. Most, but not all, of the spreadsheet-hosted phishing sites have been taken down.
If anybody from Google is reading this, go over to your abuse department and apply a clue stick. It should embarrass someone that Google is the most clueless free hosting provider in the world about phishing.
Uhhh...all that is is the client connect code friend, have Google released the code they run on their own servers? last i checked that was a big NO so who the hell knows what is going on there. Frankly with as much data as Google gathers already and the changes in the privacy policy I'd be leery of sending that company, or any other for that matter, every single website i visit so they can "check it" for me. That is what i had an AV that scans before load and a sandboxed browser for anyway.
I do find it quite fascinating how there seems to be this kind of...disconnect for want of a better word, when it comes to Google. If oracle or MSFT or Apple or frankly any other company i can think of said 'yeah just send us every single link you ever click on and we'll check them for you, for your own protection of course" a good 90% of the comments would be geeks screaming and ranting like somebody set their kitty on fire, but Google? never even enters their mind, kinda like how Apple is treated as these anti-corporate hipsters because they have John Lennon posters in the Apple stores.
I just find it quite strange, this disconnect between reality and slogan. i frankly don't trust ANY corporation, not Google or Apple, not MSFT or Oracle, because i know EVERY SINGLE ONE if given the choice between having their profits go up 15% this quarter by throwing me in a cage with an enraged silverback with a club or not getting the paycheck would be "Batter up Bobo!", hell they'd probably find a way to market it, maybe T-shirts or hats or something. It just seems weird to me that so many seem to have this whole "corporate yay!" thing just because somebody in some corp said something or did something they like.
ACs don't waste your time replying, your posts are never seen by me.
No idea, but if you deal with reporting abuse all day long, you would respect Microsoft and Yahoo. They shut down abuse within moments. Google ignores abuse reports.