Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 Internet speed test! ×
Google

Submission + - Google Analyzes Four Years of Web-Based Malware (securityweek.com)

wiredmikey writes: Google has released a new threat report highlighting how a mix of social engineering, IP cloaking and other techniques are keeping attackers on step ahead of some of the most popular security mechanisms on the Web.

The report, “Trends in Circumventing Web-Malware Detection,” analyzes four years of data covering some 160 million Web pages on roughly 8 million sites. As part of their analysis, Google researchers took a look at four of the most popular malware detection technologies on the Web: virtual machine client honeypots, browser emulator client honeypots, domain reputation and antivirus. In each case, attackers have found ways to sneak their way around security defenses, marking another leg in the ongoing race between attackers and vendors.

In a joint blog post, Google Security Team members noted that while social engineering is a popular Modus operandi for attackers, drive-by downloads are much more common. According to their analysis, attackers are quick to switch to new and more reliable exploits to avoid detection, and that most vulnerabilities are exploited only for a short period of time until new ones become available.

This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

Google Analyzes Four Years of Web-Based Malware

Comments Filter:

Stinginess with privileges is kindness in disguise. -- Guide to VAX/VMS Security, Sep. 1984

Working...