It wasn’t long ago that Google was boasting about its ability to detect malware. This week the search giant reports that it’s getting harder to do so. Attackers today are getting better and better at disguising themselves and making it through malware detection systems using what is being referred to as IP cloaking.
When I hear the word ‘cloaking’ I think of something being invisible (and I admit I also think of Klingon and Romulan starships). In this case, though, it refers to a web page sending sweet and innocent code to Google’s malware detection systems, but malicious code to normal page visitors. Green light from Google, bad news for you. Red Alert!
This doesn’t mean that Google is slacking. Google delivers over 3 million malware warnings to over 400 million users every day. Large numbers like that are hard to grasp, but it’s a lot. Despite Google’s best attempts at detecting these evil sites, malware adapts. Google changes its detection methods and malware adapts to that. No, I’m not implying that malware is some sort of Borg assimilation attack, but is Google’s resistance futile? (Sorry, last Star Trek reference, I promise!)
The report isn’t based on simple data either. It’s based on over 4 years of information on how hackers attack web-malware detection systems. If you want some hard-hitting facts with more numbers that are too large to really get, this includes over 160 million web pages hosted on 8 million sites. If you think that’s wow, how do you feel about knowing that about 160,000 (ish) websites online right now are using cloaked domains? It’s not very comforting (at least it shouldn’t be).
It’s hard to tell who will win this war, or if it’s even something that can be won. This news isn’t something to lose sleep over, but it’s definitely another reason to make sure you think twice before clicking. Just because you don’t get a malicious website warning from your browser doesn’t mean it’s safe to dive in. Be careful!