Sign In

Communications of the ACM

ACM TechNews

Google Highlights Trouble in Detecting Web-Based Malware


View as: Print Mobile App Share: Send by email Share on reddit Share on StumbleUpon Share on Hacker News Share on Tweeter Share on Facebook
Google headquarters

Google headquarters.

Justin Sullivan / Getty Images

It is now more difficult to identify malicious Web sites and attacks as antivirus software is proving to be an ineffective defense against new threats, according to a Google study.

The researchers analyzed four years' worth of data from 8 million Web sites and 160 million Web pages using its Safe Browsing service, which feeds the data into Google's Chrome browser, warning users when they land on a site loaded with malware.

Recently, attackers have been using a variety of evasion techniques, which are designed to stop the sites from being flagged as malicious, that make the detection process much more difficult. One of the ways hackers get around virtual machine-based detection is to require the victim to perform a mouse click, which triggers the site to automatically execute an attack. Browser emulators can malfunction when the malicious code is scrambled.

A new, more complex JavaScript code is designed to stop emulated browsers and make manual analysis of the code more difficult, according to the Google engineers. Google also has come across IP cloaking, where a malicious Web site will refuse to serve harmful content to specific IP ranges, especially those used by security researchers. In August 2009, Google found that about 200,000 sites were using IP cloaking.

From IDG News
View Full Article

Abstracts Copyright © 2011 Information Inc. External Link, Bethesda, Maryland, USA 


 

No entries found

Sign In for Full Access
» Forgot Password? » Create an ACM Web Account