Google Safe Browsing Program 5 Years Old – Been Blacklisted Lately?

Today Google released a nice post: Safe Browsing – Protecting Web Users for 5 Years and Counting. In it they provide a good summary of what they have been up to the past 5 years with their Safe Browsing program.

Here are some interesting data points:

• 600 million users are protected
• 9,500 new malicious websites are found every day
• 12 – 14 million Google Search queries show malicious warnings
• Provide warnings to about 300,000 downloads per day
• Send thousands of notifications daily to webmasters
• Sent thousands of notifications daily to Internet Service Providers (ISPs)

As jaw dropping as some of these numbers are, they should not be too surprising. If you were at our most recent talk we share some statistics on the latest web-malware trends. You can find the talk in our latest Learn post How To: Stop The Hacker By Hardening WordPress.

In it I provide the following statistics:

Web Numbers

Can’t really talk about web-based malware without understanding the scope of the web, so lets look at that for a minute:

• > 700 Million websites – As of May 2012 (Source: Netcraft)
• 300 Million websites – Number of websites in 2011 (Source: Pingdom)
• 10.82 Billion indexed pages – (Source: WorldWebSize)
• 2.1 Billion internet users worldwide – (Source: Pingdom)
• 1 Billion websites – Projected by 2013 (Source: Toni Schneider)
• 2 Billion websites – Projected by 2015 (Source: Toni Schneider)

Web Malware Numbers

With a better understanding of the web now we can focus on web-based malware and its data points of interest:

• 55,294 malicious domain in 2011 – 130% growth from 2010 (Source: Symantec Threat Report, Vol. 17)
• 81% increase in malicious attacks – 2010 to 2011 (Source: Symantec Threat Report, Vol. 17)

Not exactly a statistic, but its good to note Blue Coats assessment that malnets (Malware Networks) emerged as the next evolution in the threat landscape (Source: BlueCoat 2012 Web Security Report) in 2011. In their report they even share a nice image of the five largest botnets they are tracking:

Summarizing Google’s Post

All that being said, let’s refocus our discussion on Google’s post today. I especially like how they focused it around to specific web threats – Web Malware and Phishing:

Phishing

They highlight that from what they are seeing, phishing attacks have three key characteristics today, they are:

• Faster
• More Diverse
• Used to Distribute Malware

With it they provide a nice graph that illustrates the trends in phishing sites discovered monthly going back to when they first formed the group, 2007:

Malware

In this section two main categories were identified as potentially harmful to users:

• Legitimate websites that are compromised
• Attack websites that are specifically built to distribute malware

They go on to focus specifically on drive-by-download attacks specifically focusing on what they look to accomplish:

• Spyware to gather information
• Malware to disrupt the performance of your system

They then share two very interesting graphs that show trends going back to 2007. First one focuses on websites infected and second one on attack websites, the upward and downward trend in each category respectively is very interesting.

This chart focuses specifically on the legitimate sites that were found to be compromised:

While this chart focuses on those websites specifically designed with malicious intent:

Wrapping it Up

When you look at the these numbers and illustrations its difficult not to be amazed at the trends. We commend Google for the work they are doing, along with the various other Blacklisting Authorities, and we only ask that this information continue to be pushed to the masses. It is our opinion that we are nowhere near the peak of the web-malware problem and in a few years it will be as prevalent as its close cousin – desktop malware.

If you’re in the market for real time data another useful resource would be our labs, found at http://labs.sucuri.net. In it you will find a daily dump of the latest threats being identified via our system.

We hope this was helpful. If you have any questions or concerns regarding Blacklist Removal or any of the tips in this post please don’t hesitate to contact us at info@sucuri.net.