Phishing sites that are active for only an hour? Welcome to the new scam world.

by Dan Goodin - June 19 2012



Google adds a staggering 9,500 new websites every day to its running list of malicious Internet destinations so the company can warn end users before they visit the sites, a member of the company's security team said.

"These are either innocent websites that have been compromised by malware authors, or others that are built specifically for malware distribution or phishing," Google's Neil Provos wrote in a blog post published on Tuesday to coincide with the five year anniversary of the company's Safe Browsing initiative. "While we flag many sites daily, we strive for high quality and have had only a handful of false positives."

With Google bots scanning huge swaths of the Internet, the company is almost uniquely qualified to know which ones are being used to steal passwords or spread malware that gives attackers remote control of people's computers. In 2007, Google unveiled Safe Browsing as a means to share that awareness with its hundreds of millions of users.

According to Provos, about 600 million people tap in to that awareness through programming interfaces built in to the Google Chrome, Mozilla Firefox, and Apple Safari browsers. Some 12 million to 14 million end users also receive warnings when Google search results lead to a site the company believes is malicious. The warnings—which carry bold letters that say "Warning: Visiting this site may harm your computer!"—appear after an end-user has entered or clicked on a URL that leads to a site believed to deliver malware or phishing pages.

Safe Browsing and a similar Microsoft initiative (which provides warnings to Internet Explorer users) have made people more aware of malicious sites, but attackers have adapted. Web addresses for many phishing sites remain active for less than an hour so they can fly under the radar. Many sites pushing malware similarly try to avoid detection by rapidly changing their location using free Web hosting services, dynamic DNS records, and automated generation of new domain names.

Google provides as many as 300 million malware warnings per day to Chrome users. It also sends thousands of notifications per day to Web masters and ISPs to help them keep their sites and networks clean.