Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

NETSEC Archives

Date Prev | Date Next | Date Index | Author Index | Historical [Netsec] Google Report: How Web Attackers Evade Malware Detection

  • From: Howell, Paul
  • Date: Fri Aug 19 09:17:09 2011



Data gathered from Google's Safe Browsing API service reveals drive-by infections most common, with 'IP cloaking' on the rise

Aug 18, 2011 | 11:48 AM 

By Kelly Jackson Higgins
Dark Reading 
Attackers increasingly are engaging in "IP cloaking" to infect Web visitors, where they bypass malware detection systems by serving them clean pages while they drop malware on visitors to the site, according to a new report by Google's security team.

"Over the years, we have seen more malicious sites engaging in IP cloaking. To bypass the cloaking defense, we run our scanners in different ways to mimic regular user traffic," said Lucas Ballard and Niels Provos of the Google Security Team, in a blog post yesterday.

Google's research is based on more than four years of data gathered from its Safe Browsing API service. Google's Safe Browsing API is an online database that contains known malware-rigged Web pages and phishing sites. Chrome, as well as Mozilla's Firefox and Apple's Safari browsers, use the database, as well.


[…]





Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.