Somewhere between 12 million and 14 million Google searches every day trigger warnings about “compromised” sites, while dedicated attack websites built to distribute malware are on the rise, according to a new Google security report that gathers five years’ worth of data.
Google’s figures revealed that dedicated attack websites are on a comeback after declining in numbers in 2011. The websites try to avoid detection by Google’s Safe Browsing service by adopting several techniques, such as “rapidly changing their location through free web hosting, dynamic DNS records, and automated generation of new domain names”.
Google said that social media is now the weapon of choice for many attackers, as technical exploits are becoming harder to perform.
“As companies have designed browsers and plugins to be more secure over time, malware purveyors have also employed social engineering, where the malware author tries to deceive the user into installing malicious software without the need for any software vulnerabilities,” Google’s analysis said.
“While we see socially engineered attacks still trailing behind drive by downloads in frequency, this is a fast-growing category likely due to improved browser security.”
The data also reveals that phishing websites discovered monthly are becoming more prevelant, reaching a five-year high in 2012 of 300,000 websites.
Google finds an average of 9,500 new malicious websites every day, some of which are innocent websites that have been compromised by malware authors, and others that are built specifically for malware distribution or phishing.
But it isn’t all as bad as it sounds, as the study shows that the prevalence of infected websites peaked in 2009 and has since declined from approximately 350,000 by more than half to only 150,000 websites discovered monthly.
This article was originally published on the Inquirer.