Hard to believe, but Google adds 9,500 new websites every day to its running list of malicious Internet destinations, a member of the company’s security team said.
“These are either innocent websites that have been compromised by malware authors, or others that are built specifically for malware distribution or phishing,” said Google’s Niels Provos. “While we flag many sites daily, we strive for high quality and have had only a handful of false positives.”
With Google bots scanning huge swaths of the Internet, the company has a good idea which sites are stealing passwords or spreading malware that gives attackers remote control of computers. In 2007, Google unveiled Safe Browsing as a means to share that awareness with its hundreds of millions of users.
About 600 million people tap into that awareness through programming interfaces built into the Google Chrome, Mozilla Firefox, and Apple Safari browsers, Provos said. Some 12 million to 14 million end users also receive warnings when Google search results lead to a site the company believes is malicious. The warnings—which carry bold letters that say “Warning: Visiting this site may harm your computer!”—appear after an end user has entered or clicked on a URL that leads to a site believed to deliver malware or phishing pages.
Safe Browsing and a similar Microsoft initiative (which provides warnings to Internet Explorer users) have made people more aware of malicious sites, but attackers have adapted. Web addresses for quite a few phishing sites remain active for less than an hour so they can fly under the radar. Sites pushing malware similarly try to avoid detection by rapidly changing their location using free Web hosting services, dynamic DNS records, and automated generation of new domain names.
Google provides as many as 300 million malware warnings per day to Chrome users. It also sends thousands of notifications per day to webmasters and ISPs to help them keep their sites and networks clean.