Close
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    Bing’s on the Lookout for Hacked Websites

    By
    Pedro Hernandez
    -
    September 26, 2014
    Share
    Facebook
    Twitter
    Linkedin
      Bing Index Quality Team

      Hacked Websites are not just a nuisance for Webmasters; they can spew malware, causing headaches for visitors.

      To help prevent the spread of malicious code online, Microsoft has improved its algorithm for detecting hacked Websites, the software giant announced. Providing a behind-the-scenes look at how the company spots compromised Websites, Igor Rondel, principal development manager, Bing Index Quality, said in a blog post that his group analyzes “every signal available to us” to determine if Web pages are infected and are likely to be reinfected at a later date.

      “One of the key elements of this analysis is discovering clues about potential vulnerabilities on the ‘container’ hosting the page that could be exploited by malware distributors to spread their malware to other URLs under the container,” said Rondel.

      David Felstead, principal development lead, Bing Index Quality Team, said the group’s work involved improving the accuracy of its detection tools. “At Bing, the nomenclature we use to describe a collection of URLs at the path, host or domain level is a ‘container’, and this is the basic unit we use for rollup—essentially if a container is rolled up, then every URL under that container will be considered malware,” he explained.

      Microsoft has revamped how Bing performs a rollup, essentially deeming “an entire segment of a site or the site itself as malicious,” for more accurate malware detection and to prevent painting Websites, or parts of a Website, with too broad a brush if malware is found nestled within. “The balance we need to strike here over-triggering the warning when it appears the compromise may be localized or already cleaned up,” said Felstead.

      Upon implementing the new algorithm, Microsoft reported the following changes:

      –Rollup coverage on URLs in the Bing crawled index increased by 2x

      –60 percent more high-risk malware URLs flagged with rollup on Bing SERPs (search engine results pages)

      –Approximately 0.015 percent of Bing query traffic affected, that is ~1 in every 7,000 queries

      By taking several factors into consideration, including the number of malicious URLs found in a container, the types of infections found and where within a site’s structure malware was discovered, the Bing Index Quality Team fine-tuned its malware detection capabilities. Not only do users benefit, but so do Website operators that may be distributing malware through no fault of their own.

      Arguing that “compromises occur in a variety of ways, and by their nature are often extremely transient,” Felstead said that Bing’s new, more targeted approach prevents legitimate Websites from being unfairly vilified.

      “Even the most secure, trusted sites may occasionally have malware detected on them not as the result of webmaster carelessness or misconfiguration (what we traditionally consider being ‘hacked’), but from malicious ads being distributed through third-party ad networks; not an uncommon experience,” said Felstead.

      Cyber-criminals are increasingly relying on malicious advertising, or “malvertising,” to ensnare mobile device users. In March, enterprise security firm Blue Coat Systems released a report indicating that mobile malvertising constituted nearly 20 percent of all attacks seen by the company’s customers.

      Even major Web properties aren’t immune. Yahoo was hit with a malware advertising attack that affected some of its European sites during the New Year festivities.

      “In the cases of ad network compromise, infections tend to be transient and short lived, often occurring only once, and perhaps never showing up to a real person—in this case, a rollup of a site or container would be unwarranted,” added Felstead.

      Pedro Hernandez
      Pedro Hernandez is a contributor to eWEEK and the IT Business Edge Network, the network for technology professionals. Previously, he served as a managing editor for the Internet.com network of IT-related websites and as the Green IT curator for GigaOM Pro.

      MOST POPULAR ARTICLES

      Cybersecurity

      Visa’s Michael Jabbara on Cybersecurity and Digital...

      James Maguire - May 17, 2022 0
      I spoke with Michael Jabbara, VP and Global Head of Fraud Services at Visa, about the cybersecurity technology used to ensure the safe transfer...
      Read more
      Big Data and Analytics

      Alteryx’s Suresh Vittal on the Democratization of...

      James Maguire - May 31, 2022 0
      I spoke with Suresh Vittal, Chief Product Officer at Alteryx, about the industry mega-shift toward making data analytics tools accessible to a company’s complete...
      Read more
      Big Data and Analytics

      GoodData CEO Roman Stanek on Business Intelligence...

      James Maguire - May 4, 2022 0
      I spoke with Roman Stanek, CEO of GoodData, about business intelligence, data as a service, and the frustration that many executives have with data...
      Read more
      Applications

      Cisco’s Thimaya Subaiya on Customer Experience in...

      James Maguire - May 10, 2022 0
      I spoke with Thimaya Subaiya, SVP and GM of Global Customer Experience at Cisco, about the factors that create good customer experience – and...
      Read more
      Cloud

      Yotascale CEO Asim Razzaq on Controlling Multicloud...

      James Maguire - May 5, 2022 0
      Asim Razzaq, CEO of Yotascale, provides guidance on understanding—and containing—the complex cost structure of multicloud computing. Among the topics we covered:  As you survey the...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2021 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×