Google’s Anti-Malware Operation

Posted by Admin | Saturday, December 04, 2010

A researcher from Google's Anti-Malware department gave a unique peek at the technologies Google uses to stop malware and phishing.

The talk took place at the SecTor conference, where it was pointed out that even as we combat these kinds of attacks, hackers always find new ways to adapt.

Even though Google is new to the public-security scene, it has introduced a number of technologies and services designed to detect phishing sites and infected content and to block them from appearing in its search engine.

These tools include the Google Safe Browsing application programming interface (API), which helps webmasters and network administrators protect the content they stream or receive.

All of this is done using the Google crawlers, which continuously crawl web pages so that they can be listed in the search results. At the same time, these crawlers check websites for malware and for sites that were hacked and now contain maliciously injected code.

Google is trying to get more clean sites listed than malicious ones, and so far this effort has been successful.

The search for malicious websites works by running a huge number of virtual machines with unpatched versions of Windows operating systems, pointed at reported websites. They run Windows because most hijackers target Windows-based systems, which are easier to infect.

After checking a site in the Windows virtual machines, they compare the results with the data found by the crawlers, and the system then automatically decides whether it is a malicious website or a false positive.

Even though Google's technologies are very efficient, the Google Anti-Malware team still reports that 1.5 percent of search results lead to a malicious URL. Most of these pages were hijacked, spammed, or simply left behind, and someone else has gained control over them.

They say that most of these websites run on servers that weren't patched, and attackers exploit them using old methods that still work (like iframe redirection).
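For a webmaster checking their own pages for the kind of injected iframe mentioned above, here is a small static check, added as an example and not taken from Google's tooling or from the talk. The "hidden" heuristics (0 or 1 pixel size, `display:none`, `visibility:hidden`), the function names and the sample hostnames are assumptions made for illustration.

```python
# Added example (not Google's code): flag hidden, off-site iframes in a page.
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse
import re

HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)
TINY = {"0", "1", "0px", "1px"}  # assumed sizes that make a frame invisible

class IframeAudit(HTMLParser):
    """Collect iframes that are both invisible and served from another host."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.page_host = urlparse(page_url).hostname
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "").strip() for k, v in attrs}
        # Resolve relative src values against the page so hosts compare cleanly.
        src = urljoin(self.page_url, a.get("src", ""))
        host = urlparse(src).hostname
        hidden = (
            a.get("width", "").lower() in TINY
            or a.get("height", "").lower() in TINY
            or bool(HIDDEN_STYLE.search(a.get("style", "")))
        )
        if hidden and host and host != self.page_host:
            self.findings.append(src)

def audit(page_url, html):
    """Return the src of every hidden iframe that loads from a foreign host."""
    parser = IframeAudit(page_url)
    parser.feed(html)
    return parser.findings

# Constructed sample page: a visible third-party embed, a hidden same-site
# frame, and a hidden off-site frame of the kind injected into hacked sites.
SAMPLE = """
<iframe src="https://video.example.net/embed/1" width="640" height="360"></iframe>
<iframe src="/tracking/pixel.html" style="display:none"></iframe>
<iframe src="http://injected.example.org/in.php" width="1" height="1"></iframe>
"""

if __name__ == "__main__":
    for src in audit("https://blog.example.com/post", SAMPLE):
        print("hidden off-site iframe:", src)
```

A hit is a lead to review rather than a verdict, since some legitimate widgets also use hidden cross-site frames.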
