There are many dangers lurking out there on the Web. Anything from a discontented customer to a professional group of anarchist hackers can attack your company’s Internet presence, sometimes for little to no reason. Even sensitive government websites and military domains have been successfully assaulted in recent years.
Another kind of attack springs from within. You or your fellow employees and/or managers can accidentally click on a very convincing link only to receive a virus in return. Google performed a four-year research study about malware and posted the results to their Online Security blog. Read on to stay informed about the state of this very threatening side of the Internet.
Social engineering is a malware distribution mechanism that relies on tricking a user into installing malware. Typically, the malware is disguised as an anti-virus product or browser plugin. Social engineering has increased in frequency significantly and is still rising. However, it’s important to keep this growth in perspective — sites that rely on social engineering comprise only 2% of all sites that distribute malware.
Drive-by Download Exploit Trends
Far more common than social engineering, malicious pages install malware after exploiting a vulnerability in the browser or a plugin. This type of infection is often called a drive-by download. Our analysis of which vulnerabilities are actively being exploited over time shows that adversaries quickly switch to new and more reliable exploits to help avoid detection. The graph below shows the ratio of exploits targeting a vulnerability in one CVE to all exploits over time. Most vulnerabilities are exploited only for a short period of time until new vulnerabilities become available. A prominent exception is the MDAC vulnerability which is present in most exploit kits.
Malware distributors are increasingly relying upon ‘cloaking’ as a technique to evade detection. The concept behind cloaking is simple: serve benign content to detection systems, but serve malicious content to normal web page visitors. Over the years, we have seen more malicious sites engaging in IP cloaking. To bypass the cloaking defense, we run our scanners in different ways to mimic regular user traffic.
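The comparison that cloaking detection depends on can be sketched as follows. This is an added example, not code from Google's report or from Safe Browsing: it diffs the active content (scripts, frames, plugins) in two responses for the same URL. The two HTML bodies are constructed samples standing in for a scanner-profile fetch and a visitor-profile fetch, and all names are hypothetical.

```python
import hashlib
from html.parser import HTMLParser

class ActiveContent(HTMLParser):
    """Collect content that can load or run code: script/iframe/embed/object
    URLs, plus a short hash of each inline script body."""
    URL_ATTRS = {"script": "src", "iframe": "src", "embed": "src", "object": "data"}

    def __init__(self):
        super().__init__()
        self.items = set()
        self._in_script = False
        self._buf = []

    def handle_starttag(self, tag, attrs):
        url = dict(attrs).get(self.URL_ATTRS.get(tag, ""))
        if url:
            self.items.add((tag, url.strip()))
        elif tag == "script":          # inline script: start buffering its body
            self._in_script, self._buf = True, []

    def handle_data(self, data):
        if self._in_script:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._in_script:
            body = "".join(self._buf).strip()
            if body:
                digest = hashlib.sha256(body.encode()).hexdigest()[:16]
                self.items.add(("inline-script", digest))
            self._in_script = False

def active_content(html):
    parser = ActiveContent()
    parser.feed(html)
    parser.close()
    return parser.items

def cloaking_diff(scanner_html, visitor_html):
    """Active content served to the visitor profile but not to the scanner."""
    return sorted(active_content(visitor_html) - active_content(scanner_html))

# Constructed samples: the same URL as seen by two client profiles.
SCANNER_VIEW = '<html><body><script src="/static/app.js"></script><p>Welcome</p></body></html>'
VISITOR_VIEW = ('<html><body><script src="/static/app.js"></script>'
                '<iframe src="http://cloaked.example/landing" width="0" height="0"></iframe>'
                '<p>Welcome</p></body></html>')

if __name__ == "__main__":
    for kind, value in cloaking_diff(SCANNER_VIEW, VISITOR_VIEW):
        print(f"visitor-only {kind}: {value}")
```

Pages with rotating ads or per-request tokens differ between fetches for ordinary reasons, so a non-empty diff is a signal to investigate rather than a verdict.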
New Detection Capabilities
Our report analyzed four years of data to uncover trends in malware distribution on the web, and it demonstrates the ongoing tension between malware distributors and malware detectors. To help protect Internet users, even those who don’t use Google, we have updated the Safe Browsing infrastructure over the years to incorporate many state-of-the-art malware detection technologies. We hope the findings outlined in this report will help other researchers in this area and raise awareness of some of the current challenges.
Lee Goff is widely recognized for building a well-renowned, globally recognized Internet strategy and fulfillment company from the ground up. His company has managed Fiji’s entire Internet marketing strategy, and Lee is even the Chief Web Officer for Jay Conrad Levinson and Guerrilla Marketing! On top of that, his company is also a leading innovator, having received numerous awards and recognition including Innovator of the Year from Infusionsoft (the world’s leading software automation company). Lee’s lifelong passion for straightforward, results-driven Internet strategies is widely known and respected across the industry.