Google Safe Browsing Program 5 Years Old – Been Blacklisted Lately?

Today Google released a nice post: Safe Browsing – Protecting Web Users for 5 Years and Counting. In it they provide a good summary of what they have been up to the past 5 years with their Safe Browsing program.

Here are some interesting data points:

  • 600 million users are protected
  • 9,500 new malicious websites are found every day
  • 12 – 14 million Google Search queries show malicious warnings
  • Provide warnings to about 300,000 downloads per day
  • Send thousands of notifications daily to webmasters
  • Sent thousands of notifications daily to Internet Service Providers (ISPs)


As jaw dropping as some of these numbers are, they should not be too surprising. If you were at our most recent talk we share some statistics on the latest web-malware trends. You can find the talk in our latest Learn post How To: Stop The Hacker By Hardening WordPress.

In it I provide the following statistics:

Web Numbers

Can’t really talk about web-based malware without understanding the scope of the web, so lets look at that for a minute:

Web Malware Numbers

With a better understanding of the web now we can focus on web-based malware and its data points of interest:

Not exactly a statistic, but its good to note Blue Coats assessment that malnets (Malware Networks) emerged as the next evolution in the threat landscape (Source: BlueCoat 2012 Web Security Report) in 2011. In their report they even share a nice image of the five largest botnets they are tracking:

Top 5 Malnets

Summarizing Google’s Post

All that being said, let’s refocus our discussion on Google’s post today. I especially like how they focused it around to specific web threats – Web Malware and Phishing:

Phishing

They highlight that from what they are seeing, phishing attacks have three key characteristics today, they are:

  • Faster
  • More Diverse
  • Used to Distribute Malware

With it they provide a nice graph that illustrates the trends in phishing sites discovered monthly going back to when they first formed the group, 2007:

Malware

In this section two main categories were identified as potentially harmful to users:

  • Legitimate websites that are compromised
  • Attack websites that are specifically built to distribute malware

They go on to focus specifically on drive-by-download attacks specifically focusing on what they look to accomplish:

  • Spyware to gather information
  • Malware to disrupt the performance of your system

They then share two very interesting graphs that show trends going back to 2007. First one focuses on websites infected and second one on attack websites, the upward and downward trend in each category respectively is very interesting.

This chart focuses specifically on the legitimate sites that were found to be compromised:

Google Chart

While this chart focuses on those websites specifically designed with malicious intent:

Google Chart

Wrapping it Up

When you look at the these numbers and illustrations its difficult not to be amazed at the trends. We commend Google for the work they are doing, along with the various other Blacklisting Authorities, and we only ask that this information continue to be pushed to the masses. It is our opinion that we are nowhere near the peak of the web-malware problem and in a few years it will be as prevalent as its close cousin – desktop malware.

If you’re in the market for real time data another useful resource would be our labs, found at http://labs.sucuri.net. In it you will find a daily dump of the latest threats being identified via our system.


We hope this was helpful. If you have any questions or concerns regarding any of the tips in this post please don’t hesitate to contact us at info@sucuri.net.

Scan your website for free:
About Tony Perez

I'm a technologist with a passion for the Information Security domain. I am especially interested in malware reverse engineering, incident handling and response as well as offensive counter measures. Catch my personal rants on tonyonsecurity.com and follow on twitter at perezbox.