Inside Google's Anti-Malware Operation

Trailrunner7 writes "A Google malware researcher gave a rare peek inside the company's massive anti-malware and anti-phishing efforts at the SecTor conference here, and the data the company has gathered shows that the attackers who make it their business to infect sites and exploit users are adapting their tactics very quickly and creatively to combat the efforts of Google and others. While Google is still a relative newcomer to the public security scene, the company has deployed a number of services and technologies recently that are designed to identify phishing sites, as well as sites serving malware, and prevent users from finding them. The tools include the Google SafeBrowsing API and a handful of services that are available to help site owners and network administrators find and eliminate malware and the attendant bugs from their sites. Fabrice Jaubert, of Google's anti-malware team, said the company has had good luck identifying and weeding out malicious sites of late. Still, as much as 1.5 percent of all search result pages on Google include links to at least one malware-distribution site, he said."

Holes in Google malware detection

[Animats]

There's been considerable improvement. Google still has some holes in dealing with "malware", phishing, etc. But these are mostly obscure tricks used to get around Google's malware reporting. You can report the sites below over and over, but nothing happens, because Google's reporting system doesn't understand that these Google features are exploitable.

• Phony login site hosted on Google Spreadsheets. [google.com] Yes, you can put a web page into a spreadsheet, and it doesn't seem to be checked for hostile code. Reported to PhishTank on February 19, 2010, and still up. [phishtank.com]
• Phony login site hosted on Google Groups. [google.com] Try the "download" link there, and you'll get the phony login page, which seems to be hosted by Google Storage. Somebody figured out that they could store an HTML phishing page in Google Storage and make it publicly visible. Reported to PhishTank on February 13, 2020. and still up. [phishtank.com]

I'm pleased to notice that, at last, Google is no longer running ads for software for spamming Craigslist. Search for "craigslist auto poster tool". There used to be ads for programs for spamming Craigslist, and some of them even accepted payment through Google Checkout. (That last could lead to legal problems, since Google was not only advertising an legally questionable product, but taking a cut of the revenue.) That seems to have stopped. There are still ads for offshored services which manually spam Craigslist. [google.com]