Hacked Websites are not just a nuisance for Webmasters; they can spew malware, causing headaches for visitors.
To help prevent the spread of malicious code online, Microsoft has improved its algorithm for detecting hacked Websites, the software giant announced. Providing a behind-the-scenes look at how the company spots compromised Websites, Igor Rondel, principal development manager, Bing Index Quality, said in a blog post that his group analyzes “every signal available to us” to determine if Web pages are infected and are likely to be reinfected at a later date.
“One of the key elements of this analysis is discovering clues about potential vulnerabilities on the ‘container’ hosting the page that could be exploited by malware distributors to spread their malware to other URLs under the container,” said Rondel.
David Felstead, principal development lead, Bing Index Quality Team, said the group’s work involved improving the accuracy of its detection tools. “At Bing, the nomenclature we use to describe a collection of URLs at the path, host or domain level is a ‘container’, and this is the basic unit we use for rollup—essentially if a container is rolled up, then every URL under that container will be considered malware,” he explained.
Microsoft has revamped how Bing performs a rollup, essentially deeming “an entire segment of a site or the site itself as malicious,” for more accurate malware detection and to prevent painting Websites, or parts of a Website, with too broad a brush if malware is found nestled within. “The balance we need to strike here over-triggering the warning when it appears the compromise may be localized or already cleaned up,” said Felstead.
Upon implementing the new algorithm, Microsoft reported the following changes:
–Rollup coverage on URLs in the Bing crawled index increased by 2x
–60 percent more high-risk malware URLs flagged with rollup on Bing SERPs (search engine results pages)
–Approximately 0.015 percent of Bing query traffic affected, that is ~1 in every 7,000 queries
By taking several factors into consideration, including the number of malicious URLs found in a container, the types of infections found and where within a site’s structure malware was discovered, the Bing Index Quality Team fine-tuned its malware detection capabilities. Not only do users benefit, but so do Website operators that may be distributing malware through no fault of their own.
Arguing that “compromises occur in a variety of ways, and by their nature are often extremely transient,” Felstead said that Bing’s new, more targeted approach prevents legitimate Websites from being unfairly vilified.
“Even the most secure, trusted sites may occasionally have malware detected on them not as the result of webmaster carelessness or misconfiguration (what we traditionally consider being ‘hacked’), but from malicious ads being distributed through third-party ad networks; not an uncommon experience,” said Felstead.
Cyber-criminals are increasingly relying on malicious advertising, or “malvertising,” to ensnare mobile device users. In March, enterprise security firm Blue Coat Systems released a report indicating that mobile malvertising constituted nearly 20 percent of all attacks seen by the company’s customers.
Even major Web properties aren’t immune. Yahoo was hit with a malware advertising attack that affected some of its European sites during the New Year festivities.
“In the cases of ad network compromise, infections tend to be transient and short lived, often occurring only once, and perhaps never showing up to a real person—in this case, a rollup of a site or container would be unwarranted,” added Felstead.