Google Adds Malware, Phishing Data to Transparency Report

Google flags up to 10,000 suspicious sites a day and the company says it is passing more of this information to Web users to keep them informed about malicious sites.

Google has added statistics about malware and phishing attacks to the company's Transparency Report as a means of educating users about threats on the Web.

"Two of the biggest threats online are malicious software (known as malware) that can take control of your computer, and phishing scams that try to trick you into sharing passwords or other private information," blogged Lucas Ballard, software engineer at Google.

We're currently flagging up to 10,000 sites a day—and because we share this technology with other browsers there are about 1 billion users we can help keep safe," he continued. "But we're always looking for new ways to protect users' security. So today we're launching a new section on our Transparency Report that will shed more light on the sources of malware and phishing attacks."

The numbers can be used to inform people how many users are receiving Safe Browsing warnings each week, as well as where malicious sites are hosted around the world and how quickly Websites are being re-infected after their owners clean malware from their sites, Ballard wrote. The Safe Browsing program was started in 2006 as a means of identifying and flagging malicious Websites.

According to the report, Google’s Safe Browsing technology examines billions of URLs per day to see if they are unsafe, resulting in the company discovering thousands of new unsafe sites every day. Many of these are legitimate sites that have been compromised, Google noted.

In its latest Website Security Statistics Report, WhiteHat Security found that 86 percent of the sites it analyzed had at least one serious bug that could be leveraged in an attack, even though the total number of serious vulnerabilities per Website fell from 79 in 2011 to 56 in 2012.

According to Google, as of the week of March 17, the average time for Webmasters to clean up their sites was 50 days after receiving notification that they have been compromised.

"When we detect unsafe sites, we show warnings on Google Search and in Web browsers," according to the report.

The report now also has a section describing "notable events" that have occurred during the year. For example, the week of June 2, a campaign targeting vulnerabilities in Java and Acrobat Reader infected more than 7,500 sites. As a result, more than 75 million Safe Browsing API users receive malware warnings during this week, according to the report.

The Transparency Report has traditionally been used by Google to list the number of data requests the company receives from courts and the government. The numbers also include other information as well, such as the number of requests by copyright owners to remove content. Recently, Yahoo, Microsoft and other companies have moved to offer more detail about government requests for data in light of allegations about their roles in government surveillance of the public's communications.

"Sharing this information [about malware] also aligns well with our Transparency Report, which already gives information about government requests for user data, government requests to remove content, and current disruptions to our services," Ballard blogged.